From b0b170de534e277375ea913c3e9fdb1808e5a086 Mon Sep 17 00:00:00 2001 From: Patrick Dillon Date: Wed, 24 Apr 2024 09:32:30 -0400 Subject: [PATCH 1/4] features: adapt to new o/api features package Features moved to a new package in openshift/api in: https://github.com/openshift/api/commit/e00b98199f5b24bc08689cb2c38a53b28d73fd1b This commit just adapts the installer to use the new packages. --- pkg/asset/machines/master.go | 3 ++- pkg/asset/manifests/capiutils/helpers.go | 4 ++-- pkg/destroy/bootstrap/bootstrap.go | 4 ++-- pkg/infrastructure/platform/platform.go | 20 +++++++++---------- .../platform/platform_altinfra.go | 18 ++++++++--------- pkg/types/featuregates/featuregates.go | 7 ++++--- pkg/types/gcp/validation/featuregates.go | 8 ++++---- pkg/types/installconfig.go | 3 ++- pkg/types/utils.go | 7 ++++--- pkg/types/validation/installconfig.go | 5 +++-- pkg/types/vsphere/validation/featuregates.go | 4 ++-- 11 files changed, 44 insertions(+), 39 deletions(-) diff --git a/pkg/asset/machines/master.go b/pkg/asset/machines/master.go index 448fb576aef..38d7465c6b1 100644 --- a/pkg/asset/machines/master.go +++ b/pkg/asset/machines/master.go @@ -17,6 +17,7 @@ import ( "sigs.k8s.io/yaml" configv1 "github.com/openshift/api/config/v1" + "github.com/openshift/api/features" machinev1 "github.com/openshift/api/machine/v1" machinev1alpha1 "github.com/openshift/api/machine/v1alpha1" machinev1beta1 "github.com/openshift/api/machine/v1beta1" @@ -270,7 +271,7 @@ func (m *Master) Generate(dependencies asset.Parents) error { // so we don't want to include target pools in the control plane machineset. // TODO(padillon): once this feature gate is the default and we are // no longer using Terraform, we can update ConfigMasters not to populate this. - if ic.EnabledFeatureGates().Enabled(configv1.FeatureGateClusterAPIInstall) { + if ic.EnabledFeatureGates().Enabled(features.FeatureGateClusterAPIInstall) { for _, machine := range machines { providerSpec, ok := machine.Spec.ProviderSpec.Value.Object.(*machinev1beta1.GCPMachineProviderSpec) if !ok { diff --git a/pkg/asset/manifests/capiutils/helpers.go b/pkg/asset/manifests/capiutils/helpers.go index bec78bcbd4e..10f88357285 100644 --- a/pkg/asset/manifests/capiutils/helpers.go +++ b/pkg/asset/manifests/capiutils/helpers.go @@ -1,7 +1,7 @@ package capiutils import ( - v1 "github.com/openshift/api/config/v1" + "github.com/openshift/api/features" "github.com/openshift/installer/pkg/asset/installconfig" "github.com/openshift/installer/pkg/ipnet" ) @@ -21,7 +21,7 @@ func CIDRFromInstallConfig(installConfig *installconfig.InstallConfig) *ipnet.IP // IsEnabled returns true if the feature gate is enabled. func IsEnabled(installConfig *installconfig.InstallConfig) bool { - return installConfig.Config.EnabledFeatureGates().Enabled(v1.FeatureGateClusterAPIInstall) + return installConfig.Config.EnabledFeatureGates().Enabled(features.FeatureGateClusterAPIInstall) } // GenerateBoostrapMachineName generates the Cluster API Machine used for bootstrapping diff --git a/pkg/destroy/bootstrap/bootstrap.go b/pkg/destroy/bootstrap/bootstrap.go index 37cf6255830..8025bde6a2c 100644 --- a/pkg/destroy/bootstrap/bootstrap.go +++ b/pkg/destroy/bootstrap/bootstrap.go @@ -10,7 +10,7 @@ import ( "github.com/pkg/errors" "github.com/sirupsen/logrus" - configv1 "github.com/openshift/api/config/v1" + "github.com/openshift/api/features" "github.com/openshift/installer/pkg/asset/cluster/metadata" osp "github.com/openshift/installer/pkg/destroy/openstack" "github.com/openshift/installer/pkg/infrastructure/openstack/preprovision" @@ -73,7 +73,7 @@ func Destroy(ctx context.Context, dir string) (err error) { // Get cluster profile for new FeatureGate access. Blank is no longer an option, so default to // SelfManaged. clusterProfile := types.GetClusterProfileName() - featureSets, ok := configv1.AllFeatureSets()[clusterProfile] + featureSets, ok := features.AllFeatureSets()[clusterProfile] if !ok { return fmt.Errorf("no feature sets for cluster profile %q", clusterProfile) } diff --git a/pkg/infrastructure/platform/platform.go b/pkg/infrastructure/platform/platform.go index 0c7baaa500f..c7195c00c55 100644 --- a/pkg/infrastructure/platform/platform.go +++ b/pkg/infrastructure/platform/platform.go @@ -6,7 +6,7 @@ package platform import ( "fmt" - configv1 "github.com/openshift/api/config/v1" + "github.com/openshift/api/features" "github.com/openshift/installer/pkg/infrastructure" awscapi "github.com/openshift/installer/pkg/infrastructure/aws/clusterapi" awsinfra "github.com/openshift/installer/pkg/infrastructure/aws/sdk" @@ -50,15 +50,15 @@ import ( func ProviderForPlatform(platform string, fg featuregates.FeatureGate) (infrastructure.Provider, error) { switch platform { case awstypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(&awscapi.Provider{}), nil } - if fg.Enabled(configv1.FeatureGateInstallAlternateInfrastructureAWS) { + if fg.Enabled(features.FeatureGateInstallAlternateInfrastructureAWS) { return awsinfra.InitializeProvider(), nil } return terraform.InitializeProvider(aws.PlatformStages), nil case azuretypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(&azureinfra.Provider{}), nil } return terraform.InitializeProvider(azure.PlatformStages), nil @@ -67,36 +67,36 @@ func ProviderForPlatform(platform string, fg featuregates.FeatureGate) (infrastr case baremetaltypes.Name: return baremetalinfra.InitializeProvider(), nil case gcptypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(gcpcapi.Provider{}), nil } return terraform.InitializeProvider(gcp.PlatformStages), nil case ibmcloudtypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(ibmcloudcapi.Provider{}), nil } return terraform.InitializeProvider(ibmcloud.PlatformStages), nil case libvirttypes.Name: return terraform.InitializeProvider(libvirt.PlatformStages), nil case nutanixtypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(nutanixcapi.Provider{}), nil } return terraform.InitializeProvider(nutanix.PlatformStages), nil case powervstypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(&powervscapi.Provider{}), nil } return terraform.InitializeProvider(powervs.PlatformStages), nil case openstacktypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(openstackcapi.Provider{}), nil } return terraform.InitializeProvider(openstack.PlatformStages), nil case ovirttypes.Name: return terraform.InitializeProvider(ovirt.PlatformStages), nil case vspheretypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(vspherecapi.Provider{}), nil } return terraform.InitializeProvider(vsphere.PlatformStages), nil diff --git a/pkg/infrastructure/platform/platform_altinfra.go b/pkg/infrastructure/platform/platform_altinfra.go index 05198a06591..ec143d1f733 100644 --- a/pkg/infrastructure/platform/platform_altinfra.go +++ b/pkg/infrastructure/platform/platform_altinfra.go @@ -6,7 +6,7 @@ package platform import ( "fmt" - configv1 "github.com/openshift/api/config/v1" + "github.com/openshift/api/features" "github.com/openshift/installer/pkg/infrastructure" awscapi "github.com/openshift/installer/pkg/infrastructure/aws/clusterapi" awsinfra "github.com/openshift/installer/pkg/infrastructure/aws/sdk" @@ -33,40 +33,40 @@ import ( func ProviderForPlatform(platform string, fg featuregates.FeatureGate) (infrastructure.Provider, error) { switch platform { case awstypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(&awscapi.Provider{}), nil } return awsinfra.InitializeProvider(), nil case azuretypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(&azurecapi.Provider{}), nil } return nil, nil case gcptypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(gcpcapi.Provider{}), nil } return nil, nil case ibmcloudtypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(ibmcloudcapi.Provider{}), nil } return nil, nil case vspheretypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(vspherecapi.Provider{}), nil } case powervstypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(powervscapi.Provider{}), nil } return nil, nil case openstacktypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(openstackcapi.Provider{}), nil } case nutanixtypes.Name: - if fg.Enabled(configv1.FeatureGateClusterAPIInstall) { + if fg.Enabled(features.FeatureGateClusterAPIInstall) { return clusterapi.InitializeProvider(nutanixcapi.Provider{}), nil } } diff --git a/pkg/types/featuregates/featuregates.go b/pkg/types/featuregates/featuregates.go index 03052d02824..e0ec6705ed4 100644 --- a/pkg/types/featuregates/featuregates.go +++ b/pkg/types/featuregates/featuregates.go @@ -9,9 +9,10 @@ import ( "k8s.io/apimachinery/pkg/util/sets" configv1 "github.com/openshift/api/config/v1" + features "github.com/openshift/api/features" ) -func toFeatureGateNames(in []configv1.FeatureGateDescription) []configv1.FeatureGateName { +func toFeatureGateNames(in []features.FeatureGateDescription) []configv1.FeatureGateName { out := []configv1.FeatureGateName{} for _, curr := range in { out = append(out, curr.FeatureGateAttributes.Name) @@ -21,7 +22,7 @@ func toFeatureGateNames(in []configv1.FeatureGateDescription) []configv1.Feature } // completeFeatureGates identifies every known feature and ensures that is explicitly on or explicitly off. -func completeFeatureGates(knownFeatureSets map[configv1.FeatureSet]*configv1.FeatureGateEnabledDisabled, enabled, disabled []configv1.FeatureGateName) ([]configv1.FeatureGateName, []configv1.FeatureGateName) { +func completeFeatureGates(knownFeatureSets map[configv1.FeatureSet]*features.FeatureGateEnabledDisabled, enabled, disabled []configv1.FeatureGateName) ([]configv1.FeatureGateName, []configv1.FeatureGateName) { specificallyEnabledFeatureGates := sets.New[configv1.FeatureGateName]() specificallyEnabledFeatureGates.Insert(enabled...) @@ -41,7 +42,7 @@ func completeFeatureGates(knownFeatureSets map[configv1.FeatureSet]*configv1.Fea } // FeatureGateFromFeatureSets creates a FeatureGate from the active feature sets. -func FeatureGateFromFeatureSets(knownFeatureSets map[configv1.FeatureSet]*configv1.FeatureGateEnabledDisabled, fs configv1.FeatureSet, customFS *configv1.CustomFeatureGates) FeatureGate { +func FeatureGateFromFeatureSets(knownFeatureSets map[configv1.FeatureSet]*features.FeatureGateEnabledDisabled, fs configv1.FeatureSet, customFS *configv1.CustomFeatureGates) FeatureGate { if customFS != nil { completeEnabled, completeDisabled := completeFeatureGates(knownFeatureSets, customFS.Enabled, customFS.Disabled) return newFeatureGate(completeEnabled, completeDisabled) diff --git a/pkg/types/gcp/validation/featuregates.go b/pkg/types/gcp/validation/featuregates.go index efa4f011690..43d0dde8816 100644 --- a/pkg/types/gcp/validation/featuregates.go +++ b/pkg/types/gcp/validation/featuregates.go @@ -3,7 +3,7 @@ package validation import ( "k8s.io/apimachinery/pkg/util/validation/field" - configv1 "github.com/openshift/api/config/v1" + features "github.com/openshift/api/features" "github.com/openshift/installer/pkg/types" "github.com/openshift/installer/pkg/types/featuregates" "github.com/openshift/installer/pkg/types/gcp" @@ -15,17 +15,17 @@ func GatedFeatures(c *types.InstallConfig) []featuregates.GatedInstallConfigFeat g := c.GCP return []featuregates.GatedInstallConfigFeature{ { - FeatureGateName: configv1.FeatureGateGCPLabelsTags, + FeatureGateName: features.FeatureGateGCPLabelsTags, Condition: len(g.UserLabels) > 0, Field: field.NewPath("platform", "gcp", "userLabels"), }, { - FeatureGateName: configv1.FeatureGateGCPLabelsTags, + FeatureGateName: features.FeatureGateGCPLabelsTags, Condition: len(g.UserTags) > 0, Field: field.NewPath("platform", "gcp", "userTags"), }, { - FeatureGateName: configv1.FeatureGateGCPClusterHostedDNS, + FeatureGateName: features.FeatureGateGCPClusterHostedDNS, Condition: g.UserProvisionedDNS == gcp.UserProvisionedDNSEnabled, Field: field.NewPath("platform", "gcp", "userProvisionedDNS"), }, diff --git a/pkg/types/installconfig.go b/pkg/types/installconfig.go index 98bca7827ae..7030625d515 100644 --- a/pkg/types/installconfig.go +++ b/pkg/types/installconfig.go @@ -8,6 +8,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" configv1 "github.com/openshift/api/config/v1" + features "github.com/openshift/api/features" "github.com/openshift/installer/pkg/ipnet" "github.com/openshift/installer/pkg/types/aws" "github.com/openshift/installer/pkg/types/azure" @@ -549,7 +550,7 @@ func (c *InstallConfig) EnabledFeatureGates() featuregates.FeatureGate { } clusterProfile := GetClusterProfileName() - featureSets, ok := configv1.AllFeatureSets()[clusterProfile] + featureSets, ok := features.AllFeatureSets()[clusterProfile] if !ok { logrus.Warnf("no feature sets for cluster profile %q", clusterProfile) } diff --git a/pkg/types/utils.go b/pkg/types/utils.go index 1171a593d10..bd06b13d258 100644 --- a/pkg/types/utils.go +++ b/pkg/types/utils.go @@ -7,6 +7,7 @@ import ( "github.com/sirupsen/logrus" configv1 "github.com/openshift/api/config/v1" + features "github.com/openshift/api/features" ) // StringsToIPs is used to convert list of strings to list of IP addresses. @@ -42,15 +43,15 @@ func MachineNetworksToCIDRs(nets []MachineNetworkEntry) []configv1.CIDR { // GetClusterProfileName utility method to retrieve the cluster profile setting. This is used // when dealing with openshift api to get FeatureSets. -func GetClusterProfileName() configv1.ClusterProfileName { +func GetClusterProfileName() features.ClusterProfileName { // Get cluster profile for new FeatureGate access. Blank is no longer an option, so default to // SelfManaged. - clusterProfile := configv1.SelfManaged + clusterProfile := features.SelfManaged if cp := os.Getenv("OPENSHIFT_INSTALL_EXPERIMENTAL_CLUSTER_PROFILE"); cp != "" { logrus.Warnf("Found override for Cluster Profile: %q", cp) // All profiles when getting FeatureSets need to have "include.release.openshift.io/" at the beginning. // See vendor/openshift/api/config/v1/feature_gates.go for more info. - clusterProfile = configv1.ClusterProfileName(fmt.Sprintf("%s%s", "include.release.openshift.io/", cp)) + clusterProfile = features.ClusterProfileName(fmt.Sprintf("%s%s", "include.release.openshift.io/", cp)) } return clusterProfile } diff --git a/pkg/types/validation/installconfig.go b/pkg/types/validation/installconfig.go index ac3b56b136a..665e553f286 100644 --- a/pkg/types/validation/installconfig.go +++ b/pkg/types/validation/installconfig.go @@ -20,6 +20,7 @@ import ( utilsnet "k8s.io/utils/net" configv1 "github.com/openshift/api/config/v1" + "github.com/openshift/api/features" operv1 "github.com/openshift/api/operator/v1" "github.com/openshift/installer/pkg/hostcrypt" "github.com/openshift/installer/pkg/ipnet" @@ -1229,14 +1230,14 @@ func ValidateFeatureSet(c *types.InstallConfig) field.ErrorList { allErrs := field.ErrorList{} clusterProfile := types.GetClusterProfileName() - featureSets, ok := configv1.AllFeatureSets()[clusterProfile] + featureSets, ok := features.AllFeatureSets()[clusterProfile] if !ok { logrus.Warnf("no feature sets for cluster profile %q", clusterProfile) } if _, ok := featureSets[c.FeatureSet]; c.FeatureSet != configv1.CustomNoUpgrade && !ok { sortedFeatureSets := func() []string { v := []string{} - for n := range configv1.AllFeatureSets()[clusterProfile] { + for n := range features.AllFeatureSets()[clusterProfile] { v = append(v, string(n)) } // Add CustomNoUpgrade since it is not part of features sets for profiles diff --git a/pkg/types/vsphere/validation/featuregates.go b/pkg/types/vsphere/validation/featuregates.go index d6747f0f2bc..a2776add877 100644 --- a/pkg/types/vsphere/validation/featuregates.go +++ b/pkg/types/vsphere/validation/featuregates.go @@ -3,7 +3,7 @@ package validation import ( "k8s.io/apimachinery/pkg/util/validation/field" - configv1 "github.com/openshift/api/config/v1" + "github.com/openshift/api/features" "github.com/openshift/installer/pkg/types" "github.com/openshift/installer/pkg/types/featuregates" ) @@ -14,7 +14,7 @@ func GatedFeatures(c *types.InstallConfig) []featuregates.GatedInstallConfigFeat v := c.VSphere return []featuregates.GatedInstallConfigFeature{ { - FeatureGateName: configv1.FeatureGateVSphereStaticIPs, + FeatureGateName: features.FeatureGateVSphereStaticIPs, Condition: len(v.Hosts) > 0, Field: field.NewPath("platform", "vsphere", "hosts"), }, From 13f69f09aeb2cc3cb885a262e882ac886a681a88 Mon Sep 17 00:00:00 2001 From: Patrick Dillon Date: Mon, 29 Apr 2024 10:44:31 -0400 Subject: [PATCH 2/4] go.mod: vendor individual capi feature gates go get github.com/openshift/api@master go mod tidy --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index 6c4ef54de56..c329fccdb85 100644 --- a/go.mod +++ b/go.mod @@ -64,7 +64,7 @@ require ( github.com/nutanix-cloud-native/cluster-api-provider-nutanix v1.3.3-0.20240416171357-98239ba02cb2 github.com/nutanix-cloud-native/prism-go-client v0.3.4 github.com/onsi/gomega v1.32.0 - github.com/openshift/api v0.0.0-20240313103236-5f1498accd5d + github.com/openshift/api v0.0.0-20240429104249-ac9356ba1784 github.com/openshift/assisted-image-service v0.0.0-20240408153851-f822399afa8a github.com/openshift/assisted-service/api v0.0.0 github.com/openshift/assisted-service/client v0.0.0 diff --git a/go.sum b/go.sum index 0fd66e5c59d..c444599c7ad 100644 --- a/go.sum +++ b/go.sum @@ -1972,8 +1972,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b h1:YWuSjZCQAPM8UUBLkYUk1e+rZcvWHJmFb6i6rM44Xs8= github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= -github.com/openshift/api v0.0.0-20240313103236-5f1498accd5d h1:WE1fNTWjcCQMZ+8flkBER/ygsYvQIum25F/2qBQPi+g= -github.com/openshift/api v0.0.0-20240313103236-5f1498accd5d/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4= +github.com/openshift/api v0.0.0-20240429104249-ac9356ba1784 h1:SmOZFMxuAH4d1Cj7dOftVyo4Wg/mEC4pwz6QIJJsAkc= +github.com/openshift/api v0.0.0-20240429104249-ac9356ba1784/go.mod h1:CxgbWAlvu2iQB0UmKTtRu1YfepRg1/vJ64n2DlIEVz4= github.com/openshift/assisted-image-service v0.0.0-20240408153851-f822399afa8a h1:xWlqkUnY9N6aiKFgzHG27fc3kyjoxeanVdwVUUzgTs0= github.com/openshift/assisted-image-service v0.0.0-20240408153851-f822399afa8a/go.mod h1:o2H5VwQhUD8P6XsK6dRmKpCCJqVvv12KJQZBXmcCXCU= github.com/openshift/assisted-service/api v0.0.0-20230831114549-1922eda29cf8 h1:+fZLKbycDo4JeLwPGVSAgf2XPaJGLM341l9ZfrrlxG0= From b1b7bb4895154a53b80b6df7f1a4f32c902658ae Mon Sep 17 00:00:00 2001 From: Patrick Dillon Date: Mon, 29 Apr 2024 10:44:56 -0400 Subject: [PATCH 3/4] vendor: o/api capi provider feature gates go mod vendor --- ...rsion-operator_01_clusteroperator.crd.yaml | 168 - ...01_clusterversion-CustomNoUpgrade.crd.yaml | 782 ----- ...perator_01_clusterversion-Default.crd.yaml | 729 ----- ...usterversion-TechPreviewNoUpgrade.crd.yaml | 782 ----- .../0000_03_config-operator_01_proxy.crd.yaml | 107 - ...rketplace-operator_01_operatorhub.crd.yaml | 110 - ...0_10_config-operator_01_apiserver.crd.yaml | 315 -- ...ator_01_authentication.crd-Hypershift.yaml | 552 ---- ...ion.crd-SelfManagedHA-CustomNoUpgrade.yaml | 553 ---- ...hentication.crd-SelfManagedHA-Default.yaml | 171 -- ...rd-SelfManagedHA-TechPreviewNoUpgrade.yaml | 553 ---- ...cation.crd-SingleNode-CustomNoUpgrade.yaml | 553 ---- ...authentication.crd-SingleNode-Default.yaml | 171 -- ...n.crd-SingleNode-TechPreviewNoUpgrade.yaml | 553 ---- ...000_10_config-operator_01_console.crd.yaml | 76 - .../0000_10_config-operator_01_dns.crd.yaml | 159 - ...10_config-operator_01_featuregate.crd.yaml | 214 -- .../0000_10_config-operator_01_image.crd.yaml | 163 - ...ig-operator_01_imagecontentpolicy.crd.yaml | 113 - ...-operator_01_imagedigestmirrorset.crd.yaml | 142 - ...fig-operator_01_imagetagmirrorset.crd.yaml | 145 - ...01_infrastructure-CustomNoUpgrade.crd.yaml | 2090 ------------- ...perator_01_infrastructure-Default.crd.yaml | 1874 ------------ ...frastructure-TechPreviewNoUpgrade.crd.yaml | 2090 ------------- ...000_10_config-operator_01_ingress.crd.yaml | 554 ---- ...000_10_config-operator_01_network.crd.yaml | 283 -- .../0000_10_config-operator_01_node.crd.yaml | 67 - .../0000_10_config-operator_01_oauth.crd.yaml | 699 ----- ...000_10_config-operator_01_project.crd.yaml | 69 - ...ator_01_scheduler-CustomNoUpgrade.crd.yaml | 131 - ...fig-operator_01_scheduler-Default.crd.yaml | 110 - ...01_scheduler-TechPreviewNoUpgrade.crd.yaml | 131 - ...troller-manager-operator_01_build.crd.yaml | 431 --- ...ustom.authentication.single.testsuite.yaml | 284 -- .../v1/custom.authentication.testsuite.yaml | 284 -- .../v1/custom.clusterversion.testsuite.yaml | 472 --- .../v1/custom.infrastructure.testsuite.yaml | 321 -- .../config/v1/custom.scheduler.testsuite.yaml | 14 - .../config/v1/stable.apiserver.testsuite.yaml | 36 - ...table.authentication.single.testsuite.yaml | 21 - .../v1/stable.authentication.testsuite.yaml | 21 - .../api/config/v1/stable.build.testsuite.yaml | 14 - .../v1/stable.clusteroperator.testsuite.yaml | 14 - .../v1/stable.clusterversion.testsuite.yaml | 418 --- .../config/v1/stable.console.testsuite.yaml | 14 - .../api/config/v1/stable.dns.testsuite.yaml | 105 - .../v1/stable.featuregate.testsuite.yaml | 14 - ...e.hypershift.authentication.testsuite.yaml | 298 -- .../api/config/v1/stable.image.testsuite.yaml | 14 - .../stable.imagecontentpolicy.testsuite.yaml | 14 - ...stable.imagedigestmirrorset.testsuite.yaml | 14 - .../stable.imagetagmirrorset.testsuite.yaml | 14 - .../v1/stable.infrastructure.testsuite.yaml | 1367 --------- .../config/v1/stable.ingress.testsuite.yaml | 14 - .../config/v1/stable.network.testsuite.yaml | 37 - .../api/config/v1/stable.node.testsuite.yaml | 14 - .../api/config/v1/stable.oauth.testsuite.yaml | 14 - .../v1/stable.operatorhub.testsuite.yaml | 14 - .../config/v1/stable.project.testsuite.yaml | 14 - .../api/config/v1/stable.proxy.testsuite.yaml | 14 - .../config/v1/stable.scheduler.testsuite.yaml | 14 - ...eview.authentication.single.testsuite.yaml | 298 -- .../techpreview.authentication.testsuite.yaml | 298 -- .../techpreview.clusterversion.testsuite.yaml | 472 --- .../techpreview.infrastructure.testsuite.yaml | 644 ---- .../v1/techpreview.scheduler.testsuite.yaml | 14 - .../api/config/v1/types_apiserver.go | 2 +- .../api/config/v1/types_authentication.go | 2 +- .../openshift/api/config/v1/types_build.go | 2 +- .../api/config/v1/types_cluster_operator.go | 3 +- .../api/config/v1/types_cluster_version.go | 3 +- .../openshift/api/config/v1/types_console.go | 2 +- .../openshift/api/config/v1/types_dns.go | 2 +- .../openshift/api/config/v1/types_feature.go | 19 +- .../openshift/api/config/v1/types_image.go | 2 +- .../config/v1/types_image_content_policy.go | 2 +- .../v1/types_image_digest_mirror_set.go | 2 +- .../config/v1/types_image_tag_mirror_set.go | 2 +- .../api/config/v1/types_infrastructure.go | 82 +- .../openshift/api/config/v1/types_ingress.go | 30 +- .../openshift/api/config/v1/types_network.go | 110 +- .../openshift/api/config/v1/types_node.go | 2 +- .../openshift/api/config/v1/types_oauth.go | 2 +- .../api/config/v1/types_operatorhub.go | 2 +- .../openshift/api/config/v1/types_project.go | 2 +- .../openshift/api/config/v1/types_proxy.go | 2 +- .../api/config/v1/types_scheduling.go | 2 +- .../api/config/v1/types_testreporting.go | 46 + .../api/config/v1/zz_generated.deepcopy.go | 218 +- ..._generated.featuregated-crd-manifests.yaml | 87 +- .../v1/zz_generated.swagger_doc_generated.go | 68 +- ...perator_01_backup-CustomNoUpgrade.crd.yaml | 143 - ...or_01_backup-TechPreviewNoUpgrade.crd.yaml | 143 - ...lusterimagepolicy-CustomNoUpgrade.crd.yaml | 399 --- ...rimagepolicy-TechPreviewNoUpgrade.crd.yaml | 399 --- ...or_01_imagepolicy-CustomNoUpgrade.crd.yaml | 399 --- ..._imagepolicy-TechPreviewNoUpgrade.crd.yaml | 399 --- ...nsightsdatagather-CustomNoUpgrade.crd.yaml | 89 - ...tsdatagather-TechPreviewNoUpgrade.crd.yaml | 89 - .../v1alpha1/custom.backup.testsuite.yaml | 202 -- .../custom.clusterimagepolicy.testsuite.yaml | 451 --- .../custom.imagepolicy.testsuite.yaml | 451 --- .../custom.insightsdatagather.testsuite.yaml | 14 - .../techpreview.backup.testsuite.yaml | 202 -- ...hpreview.clusterimagepolicy.testsuite.yaml | 451 --- .../techpreview.imagepolicy.testsuite.yaml | 451 --- ...hpreview.insightsdatagather.testsuite.yaml | 14 - .../api/config/v1alpha1/types_backup.go | 2 +- .../v1alpha1/types_cluster_image_policy.go | 2 +- .../api/config/v1alpha1/types_image_policy.go | 2 +- .../api/config/v1alpha1/types_insights.go | 2 +- ..._generated.featuregated-crd-manifests.yaml | 16 +- .../feature_gates.go => features/features.go} | 366 +-- .../github.com/openshift/api/features/util.go | 193 ++ .../0000_10_controlplanemachineset.crd.yaml | 948 ------ ....controlplanemachineset.aws.testsuite.yaml | 368 --- ...ontrolplanemachineset.azure.testsuite.yaml | 74 - ....controlplanemachineset.gcp.testsuite.yaml | 74 - ...olplanemachineset.openstack.testsuite.yaml | 632 ---- ...able.controlplanemachineset.testsuite.yaml | 533 ---- .../v1/types_controlplanemachineset.go | 2 +- ..._generated.featuregated-crd-manifests.yaml | 4 +- .../machine/v1beta1/0000_10_machine.crd.yaml | 487 --- .../v1beta1/0000_10_machinehealthcheck.yaml | 264 -- .../v1beta1/0000_10_machineset.crd.yaml | 556 ---- .../v1beta1/stable.machine.testsuite.yaml | 14 - .../stable.machinehealthcheck.testsuite.yaml | 16 - .../v1beta1/stable.machineset.testsuite.yaml | 15 - .../api/machine/v1beta1/types_machine.go | 3 +- .../v1beta1/types_machinehealthcheck.go | 3 +- .../api/machine/v1beta1/types_machineset.go | 3 +- ..._generated.featuregated-crd-manifests.yaml | 15 +- .../0000_80_containerruntimeconfig.crd.yaml | 180 -- ..._controllerconfig-CustomNoUpgrade.crd.yaml | 2694 ----------------- .../0000_80_controllerconfig-Default.crd.yaml | 2458 --------------- ...rollerconfig-TechPreviewNoUpgrade.crd.yaml | 2694 ----------------- .../v1/0000_80_kubeletconfig.crd.yaml | 240 -- .../v1/0000_80_machineconfig.crd.yaml | 97 - .../v1/0000_80_machineconfigpool.crd.yaml | 514 ---- .../api/machineconfiguration/v1/Makefile | 3 + .../v1/custom.controllerconfig.testsuite.yaml | 122 - ...able.containerruntimeconfig.testsuite.yaml | 16 - .../v1/stable.controllerconfig.testsuite.yaml | 219 -- .../v1/stable.kubeletconfig.testsuite.yaml | 14 - .../v1/stable.machineconfig.testsuite.yaml | 14 - .../stable.machineconfigpool.testsuite.yaml | 14 - ...echpreview.controllerconfig.testsuite.yaml | 122 - .../api/machineconfiguration/v1/types.go | 111 +- .../v1/zz_generated.deepcopy.go | 42 + ..._generated.featuregated-crd-manifests.yaml | 23 +- .../v1/zz_generated.swagger_doc_generated.go | 24 + ...0000_10_config-operator_01_config.crd.yaml | 179 -- ...perator_01_config-CustomNoUpgrade.crd.yaml | 278 -- ...2_etcd-operator_01_config-Default.crd.yaml | 266 -- ...or_01_config-TechPreviewNoUpgrade.crd.yaml | 278 -- ...kube-apiserver-operator_01_config.crd.yaml | 282 -- ...roller-manager-operator_01_config.crd.yaml | 271 -- ...kube-scheduler-operator_01_config.crd.yaml | 261 -- ...hift-apiserver-operator_01_config.crd.yaml | 184 -- ...oud-credential-operator_00_config.crd.yaml | 192 -- ...rsion-migrator-operator_00_config.crd.yaml | 172 -- ...authentication-operator_01_config.crd.yaml | 181 -- ...roller-manager-operator_02_config.crd.yaml | 174 -- ...00_50_cluster_storage_operator_01_crd.yaml | 190 -- ...ess-operator_00-ingresscontroller.crd.yaml | 2244 -------------- ...ghts-operator_00-insightsoperator.crd.yaml | 357 --- .../0000_50_service-ca-operator_02_crd.yaml | 174 -- ...00_70_cluster-network-operator_01.crd.yaml | 907 ------ .../v1/0000_70_dns-operator_00.crd.yaml | 578 ---- ...i_snapshot_controller_operator_01_crd.yaml | 175 -- ...perator_01_config-CustomNoUpgrade.crd.yaml | 395 --- ...config-operator_01_config-Default.crd.yaml | 261 -- ...or_01_config-TechPreviewNoUpgrade.crd.yaml | 395 --- ...0_90_cluster_csi_driver_01_config.crd.yaml | 375 --- .../operator/v1/00_console-operator.crd.yaml | 643 ---- .../operator/v1/custom.etcd.testsuite.yaml | 62 - ...custom.machineconfiguration.testsuite.yaml | 117 - .../v1/stable.authentication.testsuite.yaml | 16 - .../v1/stable.cloudcredential.testsuite.yaml | 16 - .../v1/stable.clustercsidriver.testsuite.yaml | 41 - .../operator/v1/stable.config.testsuite.yaml | 16 - .../operator/v1/stable.console.testsuite.yaml | 157 - ...table.csisnapshotcontroller.testsuite.yaml | 16 - .../api/operator/v1/stable.dns.testsuite.yaml | 21 - .../operator/v1/stable.etcd.testsuite.yaml | 16 - .../stable.ingresscontroller.testsuite.yaml | 478 --- .../v1/stable.insightsoperator.testsuite.yaml | 16 - .../v1/stable.kubeapiserver.testsuite.yaml | 16 - ...table.kubecontrollermanager.testsuite.yaml | 17 - .../v1/stable.kubescheduler.testsuite.yaml | 16 - ....kubestorageversionmigrator.testsuite.yaml | 16 - ...stable.machineconfiguration.testsuite.yaml | 16 - .../operator/v1/stable.network.testsuite.yaml | 682 ----- .../stable.openshiftapiserver.testsuite.yaml | 16 - ....openshiftcontrollermanager.testsuite.yaml | 16 - .../v1/stable.serviceca.testsuite.yaml | 16 - .../operator/v1/stable.storage.testsuite.yaml | 113 - .../v1/techpreview.etcd.testsuite.yaml | 62 - ...review.machineconfiguration.testsuite.yaml | 117 - .../api/operator/v1/types_authentication.go | 3 +- .../api/operator/v1/types_cloudcredential.go | 2 +- .../openshift/api/operator/v1/types_config.go | 2 +- .../api/operator/v1/types_console.go | 2 +- .../operator/v1/types_csi_cluster_driver.go | 31 +- .../api/operator/v1/types_csi_snapshot.go | 2 +- .../openshift/api/operator/v1/types_dns.go | 2 +- .../openshift/api/operator/v1/types_etcd.go | 2 +- .../api/operator/v1/types_ingress.go | 19 +- .../api/operator/v1/types_insights.go | 2 +- .../api/operator/v1/types_kubeapiserver.go | 2 +- .../v1/types_kubecontrollermanager.go | 2 +- .../v1/types_kubestorageversionmigrator.go | 2 +- .../operator/v1/types_machineconfiguration.go | 309 +- .../api/operator/v1/types_network.go | 106 +- .../operator/v1/types_openshiftapiserver.go | 2 +- .../v1/types_openshiftcontrollermanager.go | 2 +- .../api/operator/v1/types_scheduler.go | 2 +- .../api/operator/v1/types_serviceca.go | 2 +- .../api/operator/v1/types_storage.go | 2 +- .../api/operator/v1/zz_generated.deepcopy.go | 365 +++ ..._generated.featuregated-crd-manifests.yaml | 86 +- .../v1/zz_generated.swagger_doc_generated.go | 165 +- ...1_etcdbackup-TechPreviewNoUpgrade.crd.yaml | 158 - ...rator_01_imagecontentsourcepolicy.crd.yaml | 97 - ...g-operator_01_olm-CustomNoUpgrade.crd.yaml | 179 -- ...rator_01_olm-TechPreviewNoUpgrade.crd.yaml | 179 -- .../v1alpha1/custom.olm.testsuite.yaml | 28 - ...le.imagecontentsourcepolicy.testsuite.yaml | 14 - .../techpreview.etcdbackup.testsuite.yaml | 38 - .../v1alpha1/techpreview.olm.testsuite.yaml | 28 - .../api/operator/v1alpha1/types_etcdbackup.go | 7 +- .../types_image_content_source_policy.go | 5 + .../api/operator/v1alpha1/types_olm.go | 6 + ..._generated.featuregated-crd-manifests.yaml | 67 + .../api/route/v1/custom.route.testsuite.yaml | 103 - .../openshift/api/route/v1/generated.proto | 8 +- .../route/v1/route-CustomNoUpgrade.crd.yaml | 676 ----- .../api/route/v1/route-Default.crd.yaml | 662 ---- .../v1/route-TechPreviewNoUpgrade.crd.yaml | 676 ----- .../api/route/v1/stable.route.testsuite.yaml | 675 ----- .../route/v1/techpreview.route.testsuite.yaml | 103 - .../openshift/api/route/v1/types.go | 9 +- ..._generated.featuregated-crd-manifests.yaml | 4 +- .../v1/zz_generated.swagger_doc_generated.go | 2 +- vendor/modules.txt | 3 +- 245 files changed, 2275 insertions(+), 54494 deletions(-) delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-Default.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Hypershift.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SelfManagedHA-CustomNoUpgrade.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SelfManagedHA-Default.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SelfManagedHA-TechPreviewNoUpgrade.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SingleNode-CustomNoUpgrade.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SingleNode-Default.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SingleNode-TechPreviewNoUpgrade.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler-Default.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.authentication.single.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.authentication.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.clusterversion.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/custom.scheduler.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.authentication.single.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.hypershift.authentication.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.authentication.single.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.authentication.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.clusterversion.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1/techpreview.scheduler.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/config/v1/types_testreporting.go delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/custom.backup.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/custom.clusterimagepolicy.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/custom.imagepolicy.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/custom.insightsdatagather.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/techpreview.backup.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/techpreview.clusterimagepolicy.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/techpreview.imagepolicy.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/config/v1alpha1/techpreview.insightsdatagather.testsuite.yaml rename vendor/github.com/openshift/api/{config/v1/feature_gates.go => features/features.go} (57%) create mode 100644 vendor/github.com/openshift/api/features/util.go delete mode 100644 vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.aws.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.azure.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.gcp.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/0000_10_machine.crd.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/0000_10_machinehealthcheck.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/0000_10_machineset.crd.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/stable.machine.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/stable.machinehealthcheck.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machine/v1beta1/stable.machineset.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_containerruntimeconfig.crd.yaml delete mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig-Default.crd.yaml delete mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_kubeletconfig.crd.yaml delete mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_machineconfig.crd.yaml delete mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_machineconfigpool.crd.yaml create mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/Makefile delete mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/custom.controllerconfig.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/stable.containerruntimeconfig.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/stable.controllerconfig.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/stable.kubeletconfig.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/stable.machineconfig.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/stable.machineconfigpool.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/machineconfiguration/v1/techpreview.controllerconfig.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-Default.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_insights-operator_00-insightsoperator.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config-Default.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/00_console-operator.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/custom.etcd.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/custom.machineconfiguration.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.authentication.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.cloudcredential.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.clustercsidriver.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.config.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.csisnapshotcontroller.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.dns.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.etcd.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.insightsoperator.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.kubeapiserver.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.kubecontrollermanager.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.kubescheduler.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.kubestorageversionmigrator.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.machineconfiguration.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.openshiftapiserver.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.serviceca.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/stable.storage.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/techpreview.machineconfiguration.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/custom.olm.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/stable.imagecontentsourcepolicy.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/techpreview.etcdbackup.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/techpreview.olm.testsuite.yaml create mode 100644 vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml delete mode 100644 vendor/github.com/openshift/api/route/v1/custom.route.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/route/v1/route-Default.crd.yaml delete mode 100644 vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml delete mode 100644 vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml delete mode 100644 vendor/github.com/openshift/api/route/v1/techpreview.route.testsuite.yaml diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml deleted file mode 100644 index bc82f57a6ec..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml +++ /dev/null @@ -1,168 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/497 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: clusteroperators.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ClusterOperator - listKind: ClusterOperatorList - plural: clusteroperators - shortNames: - - co - singular: clusteroperator - scope: Cluster - versions: - - additionalPrinterColumns: - - description: The version the operator is at. - jsonPath: .status.versions[?(@.name=="operator")].version - name: Version - type: string - - description: Whether the operator is running and stable. - jsonPath: .status.conditions[?(@.type=="Available")].status - name: Available - type: string - - description: Whether the operator is processing changes. - jsonPath: .status.conditions[?(@.type=="Progressing")].status - name: Progressing - type: string - - description: Whether the operator is degraded. - jsonPath: .status.conditions[?(@.type=="Degraded")].status - name: Degraded - type: string - - description: The time the operator's Available status last changed. - jsonPath: .status.conditions[?(@.type=="Available")].lastTransitionTime - name: Since - type: date - name: v1 - schema: - openAPIV3Schema: - description: "ClusterOperator is the Custom Resource object which holds the - current state of an operator. This object is used by operators to convey - their state to the rest of the cluster. \n Compatibility level 1: Stable - within a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds configuration that could apply to any operator. - type: object - status: - description: status holds the information about the state of an operator. It - is consistent with status information across the Kubernetes ecosystem. - properties: - conditions: - description: conditions describes the state of the operator's managed - and monitored components. - items: - description: ClusterOperatorStatusCondition represents the state - of the operator's managed and monitored components. - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - format: date-time - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be - rendered as new lines. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - extension: - description: extension contains any additional status information - specific to the operator which owns this status object. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - relatedObjects: - description: 'relatedObjects is a list of objects that are "interesting" - or related to this operator. Common uses are: 1. the detailed resource - driving the operator 2. operator namespaces 3. operand namespaces' - items: - description: ObjectReference contains enough information to let - you inspect or modify the referred object. - properties: - group: - description: group of the referent. - type: string - name: - description: name of the referent. - type: string - namespace: - description: namespace of the referent. - type: string - resource: - description: resource of the referent. - type: string - required: - - group - - name - - resource - type: object - type: array - versions: - description: versions is a slice of operator and operand version tuples. Operators - which manage multiple operands will have multiple operand entries - in the array. Available operators must report the version of the - operator itself with the name "operator". An operator reports a - new "operator" version when it has rolled out the new version to - all of its operands. - items: - properties: - name: - description: name is the name of the particular operand this - version is for. It usually matches container images, not - operators. - type: string - version: - description: version indicates which version of a particular - operand is currently being managed. It must always match - the Available operand. If 1.0.0 is Available, then this must - indicate 1.0.0 even if the operator is trying to rollout 1.1.0 - type: string - required: - - name - - version - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-CustomNoUpgrade.crd.yaml deleted file mode 100644 index 566122057cb..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-CustomNoUpgrade.crd.yaml +++ /dev/null @@ -1,782 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/495 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: clusterversions.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ClusterVersion - listKind: ClusterVersionList - plural: clusterversions - singular: clusterversion - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.history[?(@.state=="Completed")].version - name: Version - type: string - - jsonPath: .status.conditions[?(@.type=="Available")].status - name: Available - type: string - - jsonPath: .status.conditions[?(@.type=="Progressing")].status - name: Progressing - type: string - - jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime - name: Since - type: date - - jsonPath: .status.conditions[?(@.type=="Progressing")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: "ClusterVersion is the configuration for the ClusterVersionOperator. - This is where parameters related to automatic updates can be set. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the desired state of the cluster version - the operator - will work to ensure that the desired version is applied to the cluster. - properties: - capabilities: - description: capabilities configures the installation of optional, - core cluster components. A null value here is identical to an empty - object; see the child properties for default semantics. - properties: - additionalEnabledCapabilities: - description: additionalEnabledCapabilities extends the set of - managed capabilities beyond the baseline defined in baselineCapabilitySet. The - default is an empty set. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - - Ingress - - CloudControllerManager - type: string - type: array - x-kubernetes-list-type: atomic - baselineCapabilitySet: - description: baselineCapabilitySet selects an initial set of optional - capabilities to enable, which can be extended via additionalEnabledCapabilities. If - unset, the cluster will choose a default, and the default may - change over time. The current default is vCurrent. - enum: - - None - - v4.11 - - v4.12 - - v4.13 - - v4.14 - - v4.15 - - v4.16 - - vCurrent - type: string - type: object - channel: - description: channel is an identifier for explicitly requesting that - a non-default set of updates be applied to this cluster. The default - channel will be contain stable updates that are appropriate for - production clusters. - type: string - clusterID: - description: clusterID uniquely identifies this cluster. This is expected - to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - in hexadecimal values). This is a required field. - type: string - desiredUpdate: - description: "desiredUpdate is an optional field that indicates the - desired value of the cluster version. Setting this value will trigger - an upgrade (if the current version does not match the desired version). - The set of recommended update values is listed as part of available - updates in status, and setting values outside that range may cause - the upgrade to fail. \n Some of the fields are inter-related with - restrictions and meanings described here. 1. image is specified, - version is specified, architecture is specified. API validation - error. 2. image is specified, version is specified, architecture - is not specified. You should not do this. version is silently ignored - and image is used. 3. image is specified, version is not specified, - architecture is specified. API validation error. 4. image is specified, - version is not specified, architecture is not specified. image is - used. 5. image is not specified, version is specified, architecture - is specified. version and desired architecture are used to select - an image. 6. image is not specified, version is specified, architecture - is not specified. version and current architecture are used to select - an image. 7. image is not specified, version is not specified, architecture - is specified. API validation error. 8. image is not specified, version - is not specified, architecture is not specified. API validation - error. \n If an upgrade fails the operator will halt and report - status about the failing component. Setting the desired update value - back to the previous version will cause a rollback to be attempted. - Not all rollbacks will succeed." - properties: - architecture: - description: architecture is an optional field that indicates - the desired value of the cluster architecture. In this context - cluster architecture means either a single architecture or a - multi architecture. architecture can only be set to Multi thereby - only allowing updates from single to multi architecture. If - architecture is set, image cannot be set and version must be - set. Valid values are 'Multi' and empty. - enum: - - Multi - - "" - type: string - force: - description: force allows an administrator to update to an image - that has failed verification or upgradeable checks. This option - should only be used when the authenticity of the provided image - has been verified out of band because the provided image will - run with full administrative access to the cluster. Do not use - this flag with images that comes from unknown or potentially - malicious sources. - type: boolean - image: - description: image is a container image location that contains - the update. image should be used when the desired version does - not exist in availableUpdates or history. When image is set, - version is ignored. When image is set, version should be empty. - When image is set, architecture cannot be specified. - type: string - version: - description: version is a semantic version identifying the update - version. version is ignored if image is specified and required - if architecture is specified. - type: string - type: object - x-kubernetes-validations: - - message: cannot set both Architecture and Image - rule: 'has(self.architecture) && has(self.image) ? (self.architecture - == '''' || self.image == '''') : true' - - message: Version must be set if Architecture is set - rule: 'has(self.architecture) && self.architecture != '''' ? self.version - != '''' : true' - overrides: - description: overrides is list of overides for components that are - managed by cluster version operator. Marking a component unmanaged - will prevent the operator from creating or updating the object. - items: - description: ComponentOverride allows overriding cluster version - operator's behavior for a component. - properties: - group: - description: group identifies the API group that the kind is - in. - type: string - kind: - description: kind indentifies which object to override. - type: string - name: - description: name is the component's name. - type: string - namespace: - description: namespace is the component's namespace. If the - resource is cluster scoped, the namespace should be empty. - type: string - unmanaged: - description: 'unmanaged controls if cluster version operator - should stop managing the resources in this cluster. Default: - false' - type: boolean - required: - - group - - kind - - name - - namespace - - unmanaged - type: object - type: array - x-kubernetes-list-map-keys: - - kind - - group - - namespace - - name - x-kubernetes-list-type: map - signatureStores: - description: "signatureStores contains the upstream URIs to verify - release signatures and optional reference to a config map by name - containing the PEM-encoded CA bundle. \n By default, CVO will use - existing signature stores if this property is empty. The CVO will - check the release signatures in the local ConfigMaps first. It will - search for a valid signature in these stores in parallel only when - local ConfigMaps did not include a valid signature. Validation will - fail if none of the signature stores reply with valid signature - before timeout. Setting signatureStores will replace the default - signature stores with custom signature stores. Default stores can - be used with custom signature stores by adding them manually. \n - A maximum of 32 signature stores may be configured." - items: - description: SignatureStore represents the URL of custom Signature - Store - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as a - trust anchor to validate the TLS certificate presented by - the remote server. The key "ca.crt" is used to locate the - data. If specified and the config map or expected key is not - found, the signature store is not honored. If the specified - ca data is not valid, the signature store is not honored. - If empty, we fall back to the CA configured via Proxy, which - is appended to the default system roots. The namespace for - this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - url: - description: url contains the upstream custom signature store - URL. url should be a valid absolute http/https URI of an upstream - signature store as per rfc1738. This must be provided and - cannot be empty. - type: string - x-kubernetes-validations: - - message: url must be a valid absolute URL - rule: isURL(self) - required: - - url - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - url - x-kubernetes-list-type: map - upstream: - description: upstream may be used to specify the preferred update - server. By default it will use the appropriate update server for - the cluster and region. - type: string - required: - - clusterID - type: object - status: - description: status contains information about the available updates and - any in-progress updates. - properties: - availableUpdates: - description: availableUpdates contains updates recommended for this - cluster. Updates which appear in conditionalUpdates but not in availableUpdates - may expose this cluster to known issues. This list may be empty - if no updates are recommended, if the update service is unavailable, - or if an invalid channel has been specified. - items: - description: Release represents an OpenShift release image and associated - metadata. - properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or - the metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set - for test or nightly releases. - type: string - version: - description: version is a semantic version identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - type: object - nullable: true - type: array - x-kubernetes-list-type: atomic - capabilities: - description: capabilities describes the state of optional, core cluster - components. - properties: - enabledCapabilities: - description: enabledCapabilities lists all the capabilities that - are currently managed. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - - Ingress - - CloudControllerManager - type: string - type: array - x-kubernetes-list-type: atomic - knownCapabilities: - description: knownCapabilities lists all the capabilities known - to the current cluster. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - - Ingress - - CloudControllerManager - type: string - type: array - x-kubernetes-list-type: atomic - type: object - conditionalUpdates: - description: conditionalUpdates contains the list of updates that - may be recommended for this cluster if it meets specific required - conditions. Consumers interested in the set of updates that are - actually recommended for this cluster should use availableUpdates. - This list may be empty if no updates are recommended, if the update - service is unavailable, or if an empty or invalid channel has been - specified. - items: - description: ConditionalUpdate represents an update which is recommended - to some clusters on the version the current cluster is reconciling, - but which may not be recommended for the current cluster. - properties: - conditions: - description: 'conditions represents the observations of the - conditional update''s current status. Known types are: * Recommended, - for whether the update is recommended for the current cluster.' - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - release: - description: release is the target of the update. - properties: - channels: - description: channels is the set of Cincinnati channels - to which the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is - optional if version is specified and the availableUpdates - field contains a matching version. - type: string - url: - description: url contains information about this release. - This URL is set by the 'url' metadata property on a release - or the metadata returned by the update API and should - be displayed as a link in user interfaces. The URL field - may not be set for test or nightly releases. - type: string - version: - description: version is a semantic version identifying the - update version. When this field is part of spec, version - is optional if image is specified. - type: string - type: object - risks: - description: risks represents the range of issues associated - with updating to the target release. The cluster-version operator - will evaluate all entries, and only recommend the update if - there is at least one entry and all entries recommend the - update. - items: - description: ConditionalUpdateRisk represents a reason and - cluster-state for not recommending a conditional update. - properties: - matchingRules: - description: matchingRules is a slice of conditions for - deciding which clusters match the risk and which do - not. The slice is ordered by decreasing precedence. - The cluster-version operator will walk the slice in - order, and stop after the first it can successfully - evaluate. If no condition can be successfully evaluated, - the update will not be recommended. - items: - description: ClusterCondition is a union of typed cluster - conditions. The 'type' property determines which - of the type-specific properties are relevant. When - evaluated on a cluster, the condition may match, not - match, or fail to evaluate. - properties: - promql: - description: promQL represents a cluster condition - based on PromQL. - properties: - promql: - description: PromQL is a PromQL query classifying - clusters. This query query should return a - 1 in the match case and a 0 in the does-not-match - case. Queries which return no time series, - or which return values besides 0 or 1, are - evaluation failures. - type: string - required: - - promql - type: object - type: - description: type represents the cluster-condition - type. This defines the members and semantics of - any additional properties. - enum: - - Always - - PromQL - type: string - required: - - type - type: object - minItems: 1 - type: array - x-kubernetes-list-type: atomic - message: - description: message provides additional information about - the risk of updating, in the event that matchingRules - match the cluster state. This is only to be consumed - by humans. It may contain Line Feed characters (U+000A), - which should be rendered as new lines. - minLength: 1 - type: string - name: - description: name is the CamelCase reason for not recommending - a conditional update, in the event that matchingRules - match the cluster state. - minLength: 1 - type: string - url: - description: url contains information about this risk. - format: uri - minLength: 1 - type: string - required: - - matchingRules - - message - - name - - url - type: object - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - release - - risks - type: object - type: array - x-kubernetes-list-type: atomic - conditions: - description: conditions provides information about the cluster version. - The condition "Available" is set to true if the desiredUpdate has - been reached. The condition "Progressing" is set to true if an update - is being applied. The condition "Degraded" is set to true if an - update is currently blocked by a temporary or permanent error. Conditions - are only valid for the current desiredUpdate when metadata.generation - is equal to status.generation. - items: - description: ClusterOperatorStatusCondition represents the state - of the operator's managed and monitored components. - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - format: date-time - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be - rendered as new lines. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - desired: - description: desired is the version that the cluster is reconciling - towards. If the cluster is not yet fully initialized desired will - be set with the information available, which may be an image or - a tag. - properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or the - metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set for - test or nightly releases. - type: string - version: - description: version is a semantic version identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - type: object - history: - description: history contains a list of the most recent versions applied - to the cluster. This value may be empty during cluster startup, - and then will be updated when a new update is being applied. The - newest update is first in the list and it is ordered by recency. - Updates in the history have state Completed if the rollout completed - - if an update was failing or halfway applied the state will be - Partial. Only a limited amount of update history is preserved. - items: - description: UpdateHistory is a single attempted update to the cluster. - properties: - acceptedRisks: - description: acceptedRisks records risks which were accepted - to initiate the update. For example, it may menition an Upgradeable=False - or missing signature that was overriden via desiredUpdate.force, - or an update that was initiated despite not being in the availableUpdates - set of recommended update targets. - type: string - completionTime: - description: completionTime, if set, is when the update was - fully applied. The update that is currently being applied - will have a null completion time. Completion time will always - be set for entries that are not the current update (usually - to the started time of the next update). - format: date-time - nullable: true - type: string - image: - description: image is a container image location that contains - the update. This value is always populated. - type: string - startedTime: - description: startedTime is the time at which the update was - started. - format: date-time - type: string - state: - description: state reflects whether the update was fully applied. - The Partial state indicates the update is not fully applied, - while the Completed state indicates the update was successfully - rolled out at least once (all parts of the update successfully - applied). - type: string - verified: - description: verified indicates whether the provided update - was properly verified before it was installed. If this is - false the cluster may not be trusted. Verified does not cover - upgradeable checks that depend on the cluster state at the - time when the update target was accepted. - type: boolean - version: - description: version is a semantic version identifying the update - version. If the requested image does not define a version, - or if a failure occurs retrieving the image, this value may - be empty. - type: string - required: - - completionTime - - image - - startedTime - - state - - verified - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration reports which version of the spec - is being synced. If this value is not equal to metadata.generation, - then the desired and conditions fields may represent a previous - version. - format: int64 - type: integer - versionHash: - description: versionHash is a fingerprint of the content that the - cluster will be updated with. It is used by the operator to avoid - unnecessary work and is for internal use only. - type: string - required: - - availableUpdates - - desired - - observedGeneration - - versionHash - type: object - required: - - spec - type: object - x-kubernetes-validations: - - message: the `baremetal` capability requires the `MachineAPI` capability, - which is neither explicitly or implicitly enabled in this cluster, please - enable the `MachineAPI` capability - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) - && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''baremetal'' - in self.spec.capabilities.additionalEnabledCapabilities ? ''MachineAPI'' - in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) - && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) - && ''MachineAPI'' in self.status.capabilities.enabledCapabilities) : true' - - message: the `marketplace` capability requires the `OperatorLifecycleManager` - capability, which is neither explicitly or implicitly enabled in this - cluster, please enable the `OperatorLifecycleManager` capability - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) - && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''marketplace'' - in self.spec.capabilities.additionalEnabledCapabilities ? ''OperatorLifecycleManager'' - in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) - && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) - && ''OperatorLifecycleManager'' in self.status.capabilities.enabledCapabilities) - : true' - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-Default.crd.yaml deleted file mode 100644 index 769a8adda7d..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-Default.crd.yaml +++ /dev/null @@ -1,729 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/495 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - name: clusterversions.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ClusterVersion - listKind: ClusterVersionList - plural: clusterversions - singular: clusterversion - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.history[?(@.state=="Completed")].version - name: Version - type: string - - jsonPath: .status.conditions[?(@.type=="Available")].status - name: Available - type: string - - jsonPath: .status.conditions[?(@.type=="Progressing")].status - name: Progressing - type: string - - jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime - name: Since - type: date - - jsonPath: .status.conditions[?(@.type=="Progressing")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: "ClusterVersion is the configuration for the ClusterVersionOperator. - This is where parameters related to automatic updates can be set. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the desired state of the cluster version - the operator - will work to ensure that the desired version is applied to the cluster. - properties: - capabilities: - description: capabilities configures the installation of optional, - core cluster components. A null value here is identical to an empty - object; see the child properties for default semantics. - properties: - additionalEnabledCapabilities: - description: additionalEnabledCapabilities extends the set of - managed capabilities beyond the baseline defined in baselineCapabilitySet. The - default is an empty set. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - - Ingress - - CloudControllerManager - type: string - type: array - x-kubernetes-list-type: atomic - baselineCapabilitySet: - description: baselineCapabilitySet selects an initial set of optional - capabilities to enable, which can be extended via additionalEnabledCapabilities. If - unset, the cluster will choose a default, and the default may - change over time. The current default is vCurrent. - enum: - - None - - v4.11 - - v4.12 - - v4.13 - - v4.14 - - v4.15 - - v4.16 - - vCurrent - type: string - type: object - channel: - description: channel is an identifier for explicitly requesting that - a non-default set of updates be applied to this cluster. The default - channel will be contain stable updates that are appropriate for - production clusters. - type: string - clusterID: - description: clusterID uniquely identifies this cluster. This is expected - to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - in hexadecimal values). This is a required field. - type: string - desiredUpdate: - description: "desiredUpdate is an optional field that indicates the - desired value of the cluster version. Setting this value will trigger - an upgrade (if the current version does not match the desired version). - The set of recommended update values is listed as part of available - updates in status, and setting values outside that range may cause - the upgrade to fail. \n Some of the fields are inter-related with - restrictions and meanings described here. 1. image is specified, - version is specified, architecture is specified. API validation - error. 2. image is specified, version is specified, architecture - is not specified. You should not do this. version is silently ignored - and image is used. 3. image is specified, version is not specified, - architecture is specified. API validation error. 4. image is specified, - version is not specified, architecture is not specified. image is - used. 5. image is not specified, version is specified, architecture - is specified. version and desired architecture are used to select - an image. 6. image is not specified, version is specified, architecture - is not specified. version and current architecture are used to select - an image. 7. image is not specified, version is not specified, architecture - is specified. API validation error. 8. image is not specified, version - is not specified, architecture is not specified. API validation - error. \n If an upgrade fails the operator will halt and report - status about the failing component. Setting the desired update value - back to the previous version will cause a rollback to be attempted. - Not all rollbacks will succeed." - properties: - architecture: - description: architecture is an optional field that indicates - the desired value of the cluster architecture. In this context - cluster architecture means either a single architecture or a - multi architecture. architecture can only be set to Multi thereby - only allowing updates from single to multi architecture. If - architecture is set, image cannot be set and version must be - set. Valid values are 'Multi' and empty. - enum: - - Multi - - "" - type: string - force: - description: force allows an administrator to update to an image - that has failed verification or upgradeable checks. This option - should only be used when the authenticity of the provided image - has been verified out of band because the provided image will - run with full administrative access to the cluster. Do not use - this flag with images that comes from unknown or potentially - malicious sources. - type: boolean - image: - description: image is a container image location that contains - the update. image should be used when the desired version does - not exist in availableUpdates or history. When image is set, - version is ignored. When image is set, version should be empty. - When image is set, architecture cannot be specified. - type: string - version: - description: version is a semantic version identifying the update - version. version is ignored if image is specified and required - if architecture is specified. - type: string - type: object - x-kubernetes-validations: - - message: cannot set both Architecture and Image - rule: 'has(self.architecture) && has(self.image) ? (self.architecture - == '''' || self.image == '''') : true' - - message: Version must be set if Architecture is set - rule: 'has(self.architecture) && self.architecture != '''' ? self.version - != '''' : true' - overrides: - description: overrides is list of overides for components that are - managed by cluster version operator. Marking a component unmanaged - will prevent the operator from creating or updating the object. - items: - description: ComponentOverride allows overriding cluster version - operator's behavior for a component. - properties: - group: - description: group identifies the API group that the kind is - in. - type: string - kind: - description: kind indentifies which object to override. - type: string - name: - description: name is the component's name. - type: string - namespace: - description: namespace is the component's namespace. If the - resource is cluster scoped, the namespace should be empty. - type: string - unmanaged: - description: 'unmanaged controls if cluster version operator - should stop managing the resources in this cluster. Default: - false' - type: boolean - required: - - group - - kind - - name - - namespace - - unmanaged - type: object - type: array - x-kubernetes-list-map-keys: - - kind - - group - - namespace - - name - x-kubernetes-list-type: map - upstream: - description: upstream may be used to specify the preferred update - server. By default it will use the appropriate update server for - the cluster and region. - type: string - required: - - clusterID - type: object - status: - description: status contains information about the available updates and - any in-progress updates. - properties: - availableUpdates: - description: availableUpdates contains updates recommended for this - cluster. Updates which appear in conditionalUpdates but not in availableUpdates - may expose this cluster to known issues. This list may be empty - if no updates are recommended, if the update service is unavailable, - or if an invalid channel has been specified. - items: - description: Release represents an OpenShift release image and associated - metadata. - properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or - the metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set - for test or nightly releases. - type: string - version: - description: version is a semantic version identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - type: object - nullable: true - type: array - x-kubernetes-list-type: atomic - capabilities: - description: capabilities describes the state of optional, core cluster - components. - properties: - enabledCapabilities: - description: enabledCapabilities lists all the capabilities that - are currently managed. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - - Ingress - - CloudControllerManager - type: string - type: array - x-kubernetes-list-type: atomic - knownCapabilities: - description: knownCapabilities lists all the capabilities known - to the current cluster. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - - Ingress - - CloudControllerManager - type: string - type: array - x-kubernetes-list-type: atomic - type: object - conditionalUpdates: - description: conditionalUpdates contains the list of updates that - may be recommended for this cluster if it meets specific required - conditions. Consumers interested in the set of updates that are - actually recommended for this cluster should use availableUpdates. - This list may be empty if no updates are recommended, if the update - service is unavailable, or if an empty or invalid channel has been - specified. - items: - description: ConditionalUpdate represents an update which is recommended - to some clusters on the version the current cluster is reconciling, - but which may not be recommended for the current cluster. - properties: - conditions: - description: 'conditions represents the observations of the - conditional update''s current status. Known types are: * Recommended, - for whether the update is recommended for the current cluster.' - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - release: - description: release is the target of the update. - properties: - channels: - description: channels is the set of Cincinnati channels - to which the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is - optional if version is specified and the availableUpdates - field contains a matching version. - type: string - url: - description: url contains information about this release. - This URL is set by the 'url' metadata property on a release - or the metadata returned by the update API and should - be displayed as a link in user interfaces. The URL field - may not be set for test or nightly releases. - type: string - version: - description: version is a semantic version identifying the - update version. When this field is part of spec, version - is optional if image is specified. - type: string - type: object - risks: - description: risks represents the range of issues associated - with updating to the target release. The cluster-version operator - will evaluate all entries, and only recommend the update if - there is at least one entry and all entries recommend the - update. - items: - description: ConditionalUpdateRisk represents a reason and - cluster-state for not recommending a conditional update. - properties: - matchingRules: - description: matchingRules is a slice of conditions for - deciding which clusters match the risk and which do - not. The slice is ordered by decreasing precedence. - The cluster-version operator will walk the slice in - order, and stop after the first it can successfully - evaluate. If no condition can be successfully evaluated, - the update will not be recommended. - items: - description: ClusterCondition is a union of typed cluster - conditions. The 'type' property determines which - of the type-specific properties are relevant. When - evaluated on a cluster, the condition may match, not - match, or fail to evaluate. - properties: - promql: - description: promQL represents a cluster condition - based on PromQL. - properties: - promql: - description: PromQL is a PromQL query classifying - clusters. This query query should return a - 1 in the match case and a 0 in the does-not-match - case. Queries which return no time series, - or which return values besides 0 or 1, are - evaluation failures. - type: string - required: - - promql - type: object - type: - description: type represents the cluster-condition - type. This defines the members and semantics of - any additional properties. - enum: - - Always - - PromQL - type: string - required: - - type - type: object - minItems: 1 - type: array - x-kubernetes-list-type: atomic - message: - description: message provides additional information about - the risk of updating, in the event that matchingRules - match the cluster state. This is only to be consumed - by humans. It may contain Line Feed characters (U+000A), - which should be rendered as new lines. - minLength: 1 - type: string - name: - description: name is the CamelCase reason for not recommending - a conditional update, in the event that matchingRules - match the cluster state. - minLength: 1 - type: string - url: - description: url contains information about this risk. - format: uri - minLength: 1 - type: string - required: - - matchingRules - - message - - name - - url - type: object - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - release - - risks - type: object - type: array - x-kubernetes-list-type: atomic - conditions: - description: conditions provides information about the cluster version. - The condition "Available" is set to true if the desiredUpdate has - been reached. The condition "Progressing" is set to true if an update - is being applied. The condition "Degraded" is set to true if an - update is currently blocked by a temporary or permanent error. Conditions - are only valid for the current desiredUpdate when metadata.generation - is equal to status.generation. - items: - description: ClusterOperatorStatusCondition represents the state - of the operator's managed and monitored components. - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - format: date-time - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be - rendered as new lines. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - desired: - description: desired is the version that the cluster is reconciling - towards. If the cluster is not yet fully initialized desired will - be set with the information available, which may be an image or - a tag. - properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or the - metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set for - test or nightly releases. - type: string - version: - description: version is a semantic version identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - type: object - history: - description: history contains a list of the most recent versions applied - to the cluster. This value may be empty during cluster startup, - and then will be updated when a new update is being applied. The - newest update is first in the list and it is ordered by recency. - Updates in the history have state Completed if the rollout completed - - if an update was failing or halfway applied the state will be - Partial. Only a limited amount of update history is preserved. - items: - description: UpdateHistory is a single attempted update to the cluster. - properties: - acceptedRisks: - description: acceptedRisks records risks which were accepted - to initiate the update. For example, it may menition an Upgradeable=False - or missing signature that was overriden via desiredUpdate.force, - or an update that was initiated despite not being in the availableUpdates - set of recommended update targets. - type: string - completionTime: - description: completionTime, if set, is when the update was - fully applied. The update that is currently being applied - will have a null completion time. Completion time will always - be set for entries that are not the current update (usually - to the started time of the next update). - format: date-time - nullable: true - type: string - image: - description: image is a container image location that contains - the update. This value is always populated. - type: string - startedTime: - description: startedTime is the time at which the update was - started. - format: date-time - type: string - state: - description: state reflects whether the update was fully applied. - The Partial state indicates the update is not fully applied, - while the Completed state indicates the update was successfully - rolled out at least once (all parts of the update successfully - applied). - type: string - verified: - description: verified indicates whether the provided update - was properly verified before it was installed. If this is - false the cluster may not be trusted. Verified does not cover - upgradeable checks that depend on the cluster state at the - time when the update target was accepted. - type: boolean - version: - description: version is a semantic version identifying the update - version. If the requested image does not define a version, - or if a failure occurs retrieving the image, this value may - be empty. - type: string - required: - - completionTime - - image - - startedTime - - state - - verified - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration reports which version of the spec - is being synced. If this value is not equal to metadata.generation, - then the desired and conditions fields may represent a previous - version. - format: int64 - type: integer - versionHash: - description: versionHash is a fingerprint of the content that the - cluster will be updated with. It is used by the operator to avoid - unnecessary work and is for internal use only. - type: string - required: - - availableUpdates - - desired - - observedGeneration - - versionHash - type: object - required: - - spec - type: object - x-kubernetes-validations: - - message: the `baremetal` capability requires the `MachineAPI` capability, - which is neither explicitly or implicitly enabled in this cluster, please - enable the `MachineAPI` capability - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) - && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''baremetal'' - in self.spec.capabilities.additionalEnabledCapabilities ? ''MachineAPI'' - in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) - && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) - && ''MachineAPI'' in self.status.capabilities.enabledCapabilities) : true' - - message: the `marketplace` capability requires the `OperatorLifecycleManager` - capability, which is neither explicitly or implicitly enabled in this - cluster, please enable the `OperatorLifecycleManager` capability - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) - && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''marketplace'' - in self.spec.capabilities.additionalEnabledCapabilities ? ''OperatorLifecycleManager'' - in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) - && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) - && ''OperatorLifecycleManager'' in self.status.capabilities.enabledCapabilities) - : true' - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index bb5ada95b74..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion-TechPreviewNoUpgrade.crd.yaml +++ /dev/null @@ -1,782 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/495 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: clusterversions.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ClusterVersion - listKind: ClusterVersionList - plural: clusterversions - singular: clusterversion - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.history[?(@.state=="Completed")].version - name: Version - type: string - - jsonPath: .status.conditions[?(@.type=="Available")].status - name: Available - type: string - - jsonPath: .status.conditions[?(@.type=="Progressing")].status - name: Progressing - type: string - - jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime - name: Since - type: date - - jsonPath: .status.conditions[?(@.type=="Progressing")].message - name: Status - type: string - name: v1 - schema: - openAPIV3Schema: - description: "ClusterVersion is the configuration for the ClusterVersionOperator. - This is where parameters related to automatic updates can be set. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the desired state of the cluster version - the operator - will work to ensure that the desired version is applied to the cluster. - properties: - capabilities: - description: capabilities configures the installation of optional, - core cluster components. A null value here is identical to an empty - object; see the child properties for default semantics. - properties: - additionalEnabledCapabilities: - description: additionalEnabledCapabilities extends the set of - managed capabilities beyond the baseline defined in baselineCapabilitySet. The - default is an empty set. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - - Ingress - - CloudControllerManager - type: string - type: array - x-kubernetes-list-type: atomic - baselineCapabilitySet: - description: baselineCapabilitySet selects an initial set of optional - capabilities to enable, which can be extended via additionalEnabledCapabilities. If - unset, the cluster will choose a default, and the default may - change over time. The current default is vCurrent. - enum: - - None - - v4.11 - - v4.12 - - v4.13 - - v4.14 - - v4.15 - - v4.16 - - vCurrent - type: string - type: object - channel: - description: channel is an identifier for explicitly requesting that - a non-default set of updates be applied to this cluster. The default - channel will be contain stable updates that are appropriate for - production clusters. - type: string - clusterID: - description: clusterID uniquely identifies this cluster. This is expected - to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - in hexadecimal values). This is a required field. - type: string - desiredUpdate: - description: "desiredUpdate is an optional field that indicates the - desired value of the cluster version. Setting this value will trigger - an upgrade (if the current version does not match the desired version). - The set of recommended update values is listed as part of available - updates in status, and setting values outside that range may cause - the upgrade to fail. \n Some of the fields are inter-related with - restrictions and meanings described here. 1. image is specified, - version is specified, architecture is specified. API validation - error. 2. image is specified, version is specified, architecture - is not specified. You should not do this. version is silently ignored - and image is used. 3. image is specified, version is not specified, - architecture is specified. API validation error. 4. image is specified, - version is not specified, architecture is not specified. image is - used. 5. image is not specified, version is specified, architecture - is specified. version and desired architecture are used to select - an image. 6. image is not specified, version is specified, architecture - is not specified. version and current architecture are used to select - an image. 7. image is not specified, version is not specified, architecture - is specified. API validation error. 8. image is not specified, version - is not specified, architecture is not specified. API validation - error. \n If an upgrade fails the operator will halt and report - status about the failing component. Setting the desired update value - back to the previous version will cause a rollback to be attempted. - Not all rollbacks will succeed." - properties: - architecture: - description: architecture is an optional field that indicates - the desired value of the cluster architecture. In this context - cluster architecture means either a single architecture or a - multi architecture. architecture can only be set to Multi thereby - only allowing updates from single to multi architecture. If - architecture is set, image cannot be set and version must be - set. Valid values are 'Multi' and empty. - enum: - - Multi - - "" - type: string - force: - description: force allows an administrator to update to an image - that has failed verification or upgradeable checks. This option - should only be used when the authenticity of the provided image - has been verified out of band because the provided image will - run with full administrative access to the cluster. Do not use - this flag with images that comes from unknown or potentially - malicious sources. - type: boolean - image: - description: image is a container image location that contains - the update. image should be used when the desired version does - not exist in availableUpdates or history. When image is set, - version is ignored. When image is set, version should be empty. - When image is set, architecture cannot be specified. - type: string - version: - description: version is a semantic version identifying the update - version. version is ignored if image is specified and required - if architecture is specified. - type: string - type: object - x-kubernetes-validations: - - message: cannot set both Architecture and Image - rule: 'has(self.architecture) && has(self.image) ? (self.architecture - == '''' || self.image == '''') : true' - - message: Version must be set if Architecture is set - rule: 'has(self.architecture) && self.architecture != '''' ? self.version - != '''' : true' - overrides: - description: overrides is list of overides for components that are - managed by cluster version operator. Marking a component unmanaged - will prevent the operator from creating or updating the object. - items: - description: ComponentOverride allows overriding cluster version - operator's behavior for a component. - properties: - group: - description: group identifies the API group that the kind is - in. - type: string - kind: - description: kind indentifies which object to override. - type: string - name: - description: name is the component's name. - type: string - namespace: - description: namespace is the component's namespace. If the - resource is cluster scoped, the namespace should be empty. - type: string - unmanaged: - description: 'unmanaged controls if cluster version operator - should stop managing the resources in this cluster. Default: - false' - type: boolean - required: - - group - - kind - - name - - namespace - - unmanaged - type: object - type: array - x-kubernetes-list-map-keys: - - kind - - group - - namespace - - name - x-kubernetes-list-type: map - signatureStores: - description: "signatureStores contains the upstream URIs to verify - release signatures and optional reference to a config map by name - containing the PEM-encoded CA bundle. \n By default, CVO will use - existing signature stores if this property is empty. The CVO will - check the release signatures in the local ConfigMaps first. It will - search for a valid signature in these stores in parallel only when - local ConfigMaps did not include a valid signature. Validation will - fail if none of the signature stores reply with valid signature - before timeout. Setting signatureStores will replace the default - signature stores with custom signature stores. Default stores can - be used with custom signature stores by adding them manually. \n - A maximum of 32 signature stores may be configured." - items: - description: SignatureStore represents the URL of custom Signature - Store - properties: - ca: - description: ca is an optional reference to a config map by - name containing the PEM-encoded CA bundle. It is used as a - trust anchor to validate the TLS certificate presented by - the remote server. The key "ca.crt" is used to locate the - data. If specified and the config map or expected key is not - found, the signature store is not honored. If the specified - ca data is not valid, the signature store is not honored. - If empty, we fall back to the CA configured via Proxy, which - is appended to the default system roots. The namespace for - this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - url: - description: url contains the upstream custom signature store - URL. url should be a valid absolute http/https URI of an upstream - signature store as per rfc1738. This must be provided and - cannot be empty. - type: string - x-kubernetes-validations: - - message: url must be a valid absolute URL - rule: isURL(self) - required: - - url - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - url - x-kubernetes-list-type: map - upstream: - description: upstream may be used to specify the preferred update - server. By default it will use the appropriate update server for - the cluster and region. - type: string - required: - - clusterID - type: object - status: - description: status contains information about the available updates and - any in-progress updates. - properties: - availableUpdates: - description: availableUpdates contains updates recommended for this - cluster. Updates which appear in conditionalUpdates but not in availableUpdates - may expose this cluster to known issues. This list may be empty - if no updates are recommended, if the update service is unavailable, - or if an invalid channel has been specified. - items: - description: Release represents an OpenShift release image and associated - metadata. - properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or - the metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set - for test or nightly releases. - type: string - version: - description: version is a semantic version identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - type: object - nullable: true - type: array - x-kubernetes-list-type: atomic - capabilities: - description: capabilities describes the state of optional, core cluster - components. - properties: - enabledCapabilities: - description: enabledCapabilities lists all the capabilities that - are currently managed. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - - Ingress - - CloudControllerManager - type: string - type: array - x-kubernetes-list-type: atomic - knownCapabilities: - description: knownCapabilities lists all the capabilities known - to the current cluster. - items: - description: ClusterVersionCapability enumerates optional, core - cluster components. - enum: - - openshift-samples - - baremetal - - marketplace - - Console - - Insights - - Storage - - CSISnapshot - - NodeTuning - - MachineAPI - - Build - - DeploymentConfig - - ImageRegistry - - OperatorLifecycleManager - - CloudCredential - - Ingress - - CloudControllerManager - type: string - type: array - x-kubernetes-list-type: atomic - type: object - conditionalUpdates: - description: conditionalUpdates contains the list of updates that - may be recommended for this cluster if it meets specific required - conditions. Consumers interested in the set of updates that are - actually recommended for this cluster should use availableUpdates. - This list may be empty if no updates are recommended, if the update - service is unavailable, or if an empty or invalid channel has been - specified. - items: - description: ConditionalUpdate represents an update which is recommended - to some clusters on the version the current cluster is reconciling, - but which may not be recommended for the current cluster. - properties: - conditions: - description: 'conditions represents the observations of the - conditional update''s current status. Known types are: * Recommended, - for whether the update is recommended for the current cluster.' - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - release: - description: release is the target of the update. - properties: - channels: - description: channels is the set of Cincinnati channels - to which the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is - optional if version is specified and the availableUpdates - field contains a matching version. - type: string - url: - description: url contains information about this release. - This URL is set by the 'url' metadata property on a release - or the metadata returned by the update API and should - be displayed as a link in user interfaces. The URL field - may not be set for test or nightly releases. - type: string - version: - description: version is a semantic version identifying the - update version. When this field is part of spec, version - is optional if image is specified. - type: string - type: object - risks: - description: risks represents the range of issues associated - with updating to the target release. The cluster-version operator - will evaluate all entries, and only recommend the update if - there is at least one entry and all entries recommend the - update. - items: - description: ConditionalUpdateRisk represents a reason and - cluster-state for not recommending a conditional update. - properties: - matchingRules: - description: matchingRules is a slice of conditions for - deciding which clusters match the risk and which do - not. The slice is ordered by decreasing precedence. - The cluster-version operator will walk the slice in - order, and stop after the first it can successfully - evaluate. If no condition can be successfully evaluated, - the update will not be recommended. - items: - description: ClusterCondition is a union of typed cluster - conditions. The 'type' property determines which - of the type-specific properties are relevant. When - evaluated on a cluster, the condition may match, not - match, or fail to evaluate. - properties: - promql: - description: promQL represents a cluster condition - based on PromQL. - properties: - promql: - description: PromQL is a PromQL query classifying - clusters. This query query should return a - 1 in the match case and a 0 in the does-not-match - case. Queries which return no time series, - or which return values besides 0 or 1, are - evaluation failures. - type: string - required: - - promql - type: object - type: - description: type represents the cluster-condition - type. This defines the members and semantics of - any additional properties. - enum: - - Always - - PromQL - type: string - required: - - type - type: object - minItems: 1 - type: array - x-kubernetes-list-type: atomic - message: - description: message provides additional information about - the risk of updating, in the event that matchingRules - match the cluster state. This is only to be consumed - by humans. It may contain Line Feed characters (U+000A), - which should be rendered as new lines. - minLength: 1 - type: string - name: - description: name is the CamelCase reason for not recommending - a conditional update, in the event that matchingRules - match the cluster state. - minLength: 1 - type: string - url: - description: url contains information about this risk. - format: uri - minLength: 1 - type: string - required: - - matchingRules - - message - - name - - url - type: object - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - release - - risks - type: object - type: array - x-kubernetes-list-type: atomic - conditions: - description: conditions provides information about the cluster version. - The condition "Available" is set to true if the desiredUpdate has - been reached. The condition "Progressing" is set to true if an update - is being applied. The condition "Degraded" is set to true if an - update is currently blocked by a temporary or permanent error. Conditions - are only valid for the current desiredUpdate when metadata.generation - is equal to status.generation. - items: - description: ClusterOperatorStatusCondition represents the state - of the operator's managed and monitored components. - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - format: date-time - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be - rendered as new lines. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - desired: - description: desired is the version that the cluster is reconciling - towards. If the cluster is not yet fully initialized desired will - be set with the information available, which may be an image or - a tag. - properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - items: - type: string - type: array - x-kubernetes-list-type: set - image: - description: image is a container image location that contains - the update. When this field is part of spec, image is optional - if version is specified and the availableUpdates field contains - a matching version. - type: string - url: - description: url contains information about this release. This - URL is set by the 'url' metadata property on a release or the - metadata returned by the update API and should be displayed - as a link in user interfaces. The URL field may not be set for - test or nightly releases. - type: string - version: - description: version is a semantic version identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - type: object - history: - description: history contains a list of the most recent versions applied - to the cluster. This value may be empty during cluster startup, - and then will be updated when a new update is being applied. The - newest update is first in the list and it is ordered by recency. - Updates in the history have state Completed if the rollout completed - - if an update was failing or halfway applied the state will be - Partial. Only a limited amount of update history is preserved. - items: - description: UpdateHistory is a single attempted update to the cluster. - properties: - acceptedRisks: - description: acceptedRisks records risks which were accepted - to initiate the update. For example, it may menition an Upgradeable=False - or missing signature that was overriden via desiredUpdate.force, - or an update that was initiated despite not being in the availableUpdates - set of recommended update targets. - type: string - completionTime: - description: completionTime, if set, is when the update was - fully applied. The update that is currently being applied - will have a null completion time. Completion time will always - be set for entries that are not the current update (usually - to the started time of the next update). - format: date-time - nullable: true - type: string - image: - description: image is a container image location that contains - the update. This value is always populated. - type: string - startedTime: - description: startedTime is the time at which the update was - started. - format: date-time - type: string - state: - description: state reflects whether the update was fully applied. - The Partial state indicates the update is not fully applied, - while the Completed state indicates the update was successfully - rolled out at least once (all parts of the update successfully - applied). - type: string - verified: - description: verified indicates whether the provided update - was properly verified before it was installed. If this is - false the cluster may not be trusted. Verified does not cover - upgradeable checks that depend on the cluster state at the - time when the update target was accepted. - type: boolean - version: - description: version is a semantic version identifying the update - version. If the requested image does not define a version, - or if a failure occurs retrieving the image, this value may - be empty. - type: string - required: - - completionTime - - image - - startedTime - - state - - verified - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration reports which version of the spec - is being synced. If this value is not equal to metadata.generation, - then the desired and conditions fields may represent a previous - version. - format: int64 - type: integer - versionHash: - description: versionHash is a fingerprint of the content that the - cluster will be updated with. It is used by the operator to avoid - unnecessary work and is for internal use only. - type: string - required: - - availableUpdates - - desired - - observedGeneration - - versionHash - type: object - required: - - spec - type: object - x-kubernetes-validations: - - message: the `baremetal` capability requires the `MachineAPI` capability, - which is neither explicitly or implicitly enabled in this cluster, please - enable the `MachineAPI` capability - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) - && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''baremetal'' - in self.spec.capabilities.additionalEnabledCapabilities ? ''MachineAPI'' - in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) - && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) - && ''MachineAPI'' in self.status.capabilities.enabledCapabilities) : true' - - message: the `marketplace` capability requires the `OperatorLifecycleManager` - capability, which is neither explicitly or implicitly enabled in this - cluster, please enable the `OperatorLifecycleManager` capability - rule: 'has(self.spec.capabilities) && has(self.spec.capabilities.additionalEnabledCapabilities) - && self.spec.capabilities.baselineCapabilitySet == ''None'' && ''marketplace'' - in self.spec.capabilities.additionalEnabledCapabilities ? ''OperatorLifecycleManager'' - in self.spec.capabilities.additionalEnabledCapabilities || (has(self.status) - && has(self.status.capabilities) && has(self.status.capabilities.enabledCapabilities) - && ''OperatorLifecycleManager'' in self.status.capabilities.enabledCapabilities) - : true' - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml deleted file mode 100644 index 6f88a5161b1..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml +++ /dev/null @@ -1,107 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: proxies.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Proxy - listKind: ProxyList - plural: proxies - singular: proxy - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Proxy holds cluster-wide information on how to configure default - proxies for the cluster. The canonical name is `cluster` \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds user-settable values for the proxy configuration - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. Empty - means unset and will not result in an env var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or - CIDRs and/or IPs for which the proxy should not be used. Empty means - unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used to verify - readiness of the proxy. - items: - type: string - type: array - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing a - CA certificate bundle. The trustedCA field should only be consumed - by a proxy validator. The validator is responsible for reading the - certificate bundle from the required key \"ca-bundle.crt\", merging - it with the system default trust bundle, and writing the merged - trust bundle to a ConfigMap named \"trusted-ca-bundle\" in the \"openshift-config-managed\" - namespace. Clients that expect to make proxy connections must use - the trusted-ca-bundle for all HTTPS requests to the proxy, and may - use the trusted-ca-bundle for non-proxy HTTPS requests as well. - \n The namespace for the ConfigMap referenced by trustedCA is \"openshift-config\". - Here is an example ConfigMap (in yaml): \n apiVersion: v1 kind: - ConfigMap metadata: name: user-ca-bundle namespace: openshift-config - data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom CA certificate - bundle. -----END CERTIFICATE-----" - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or - CIDRs for which the proxy should not be used. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml deleted file mode 100644 index 40bd993e46a..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_03_marketplace-operator_01_operatorhub.crd.yaml +++ /dev/null @@ -1,110 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - capability.openshift.io/name: marketplace - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: operatorhubs.config.openshift.io -spec: - group: config.openshift.io - names: - kind: OperatorHub - listKind: OperatorHubList - plural: operatorhubs - singular: operatorhub - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "OperatorHub is the Schema for the operatorhubs API. It can be - used to change the state of the default hub sources for OperatorHub on the - cluster from enabled to disabled and vice versa. \n Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: OperatorHubSpec defines the desired state of OperatorHub - properties: - disableAllDefaultSources: - description: disableAllDefaultSources allows you to disable all the - default hub sources. If this is true, a specific entry in sources - can be used to enable a default source. If this is false, a specific - entry in sources can be used to disable or enable a default source. - type: boolean - sources: - description: sources is the list of default hub sources and their - configuration. If the list is empty, it implies that the default - hub sources are enabled on the cluster unless disableAllDefaultSources - is true. If disableAllDefaultSources is true and sources is not - empty, the configuration present in sources will take precedence. - The list of default hub sources and their current state will always - be reflected in the status block. - items: - description: HubSource is used to specify the hub source and its - configuration - properties: - disabled: - description: disabled is used to disable a default hub source - on cluster - type: boolean - name: - description: name is the name of one of the default hub sources - maxLength: 253 - minLength: 1 - type: string - type: object - type: array - type: object - status: - description: OperatorHubStatus defines the observed state of OperatorHub. - The current state of the default hub sources will always be reflected - here. - properties: - sources: - description: sources encapsulates the result of applying the configuration - for each hub source - items: - description: HubSourceStatus is used to reflect the current state - of applying the configuration to a default source - properties: - disabled: - description: disabled is used to disable a default hub source - on cluster - type: boolean - message: - description: message provides more information regarding failures - type: string - name: - description: name is the name of one of the default hub sources - maxLength: 253 - minLength: 1 - type: string - status: - description: status indicates success or failure in applying - the configuration - type: string - type: object - type: array - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml deleted file mode 100644 index 3d08745562c..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml +++ /dev/null @@ -1,315 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: apiservers.config.openshift.io -spec: - group: config.openshift.io - names: - kind: APIServer - listKind: APIServerList - plural: apiservers - singular: apiserver - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "APIServer holds configuration (like serving certificates, client - CA and CORS domains) shared by all API servers in the system, among them - especially kube-apiserver and openshift-apiserver. The canonical name of - an instance is 'cluster'. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - additionalCORSAllowedOrigins: - description: additionalCORSAllowedOrigins lists additional, user-defined - regular expressions describing hosts for which the API server allows - access using the CORS headers. This may be needed to access the - API and the integrated OAuth server from JavaScript applications. - The values are regular expressions that correspond to the Golang - regular expression language. - items: - type: string - type: array - audit: - default: - profile: Default - description: audit specifies the settings for audit configuration - to be applied to all OpenShift-provided API servers in the cluster. - properties: - customRules: - description: customRules specify profiles per group. These profile - take precedence over the top-level profile field if they apply. - They are evaluation from top to bottom and the first one that - matches, applies. - items: - description: AuditCustomRule describes a custom rule for an - audit profile that takes precedence over the top-level profile. - properties: - group: - description: group is a name of group a request user must - be member of in order to this profile to apply. - minLength: 1 - type: string - profile: - description: "profile specifies the name of the desired - audit policy configuration to be deployed to all OpenShift-provided - API servers in the cluster. \n The following profiles - are provided: - Default: the existing default policy. - - WriteRequestBodies: like 'Default', but logs request - and response HTTP payloads for write requests (create, - update, patch). - AllRequestBodies: like 'WriteRequestBodies', - but also logs request and response HTTP payloads for read - requests (get, list). - None: no requests are logged at - all, not even oauthaccesstokens and oauthauthorizetokens. - \n If unset, the 'Default' profile is used as the default." - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - required: - - group - - profile - type: object - type: array - x-kubernetes-list-map-keys: - - group - x-kubernetes-list-type: map - profile: - default: Default - description: "profile specifies the name of the desired top-level - audit profile to be applied to all requests sent to any of the - OpenShift-provided API servers in the cluster (kube-apiserver, - openshift-apiserver and oauth-apiserver), with the exception - of those requests that match one or more of the customRules. - \n The following profiles are provided: - Default: default policy - which means MetaData level logging with the exception of events - (not logged at all), oauthaccesstokens and oauthauthorizetokens - (both logged at RequestBody level). - WriteRequestBodies: like - 'Default', but logs request and response HTTP payloads for write - requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', - but also logs request and response HTTP payloads for read requests - (get, list). - None: no requests are logged at all, not even - oauthaccesstokens and oauthauthorizetokens. \n Warning: It is - not recommended to disable audit logging by using the `None` - profile unless you are fully aware of the risks of not logging - data that can be beneficial when troubleshooting issues. If - you disable audit logging and a support situation arises, you - might need to enable audit logging and reproduce the issue in - order to troubleshoot properly. \n If unset, the 'Default' profile - is used as the default." - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - - None - type: string - type: object - clientCA: - description: 'clientCA references a ConfigMap containing a certificate - bundle for the signers that will be recognized for incoming client - certificates in addition to the operator managed signers. If this - is empty, then only operator managed signers are valid. You usually - only have to set this if you have your own PKI you wish to honor - client certificates from. The ConfigMap must exist in the openshift-config - namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - - CA bundle.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - encryption: - description: encryption allows the configuration of encryption of - resources at the datastore layer. - properties: - type: - description: "type defines what encryption type should be used - to encrypt resources at the datastore layer. When this field - is unset (i.e. when it is set to the empty string), identity - is implied. The behavior of unset can and will change over time. - \ Even if encryption is enabled by default, the meaning of unset - may change to a different encryption type based on changes in - best practices. \n When encryption is enabled, all sensitive - resources shipped with the platform are encrypted. This list - of sensitive resources can and will change over time. The current - authoritative list is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io - 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io" - enum: - - "" - - identity - - aescbc - - aesgcm - type: string - type: object - servingCerts: - description: servingCert is the TLS cert info for serving secure traffic. - If not specified, operator managed certificates will be used for - serving secure traffic. - properties: - namedCertificates: - description: namedCertificates references secrets containing the - TLS cert info for serving secure traffic to specific hostnames. - If no named certificates are provided, or no named certificates - match the server name as understood by a client, the defaultServingCertificate - will be used. - items: - description: APIServerNamedServingCert maps a server DNS name, - as understood by a client, to a certificate. - properties: - names: - description: names is a optional list of explicit DNS names - (leading wildcards allowed) that should use this certificate - to serve secure traffic. If no names are provided, the - implicit names will be extracted from the certificates. - Exact names trump over wildcard names. Explicit names - defined here trump over extracted implicit names. - items: - type: string - type: array - servingCertificate: - description: 'servingCertificate references a kubernetes.io/tls - type secret containing the TLS cert info for serving secure - traffic. The secret must exist in the openshift-config - namespace and contain the following required fields: - - Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] - - TLS certificate.' - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - type: object - tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections - for externally exposed servers. \n If unset, a default (which may - change between releases) is chosen. Note that only Old, Intermediate - and Custom profiles are currently supported, and the maximum available - minTLSVersion is VersionTLS12." - properties: - custom: - description: "custom is a user-defined TLS security profile. Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. An example custom profile looks like this: - \n ciphers: \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - ECDHE-RSA-AES128-GCM-SHA256 \n - ECDHE-ECDSA-AES128-GCM-SHA256 - \n minTLSVersion: VersionTLS11" - nullable: true - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators - may remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - items: - type: string - type: array - minTLSVersion: - description: "minTLSVersion is used to specify the minimal - version of the TLS protocol that is negotiated during the - TLS handshake. For example, to use TLS versions 1.1, 1.2 - and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: - currently the highest minTLSVersion allowed is VersionTLS12" - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: "intermediate is a TLS security profile based on: - \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n - ECDHE-ECDSA-AES128-GCM-SHA256 \n - ECDHE-RSA-AES128-GCM-SHA256 - \n - ECDHE-ECDSA-AES256-GCM-SHA384 \n - ECDHE-RSA-AES256-GCM-SHA384 - \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - DHE-RSA-AES128-GCM-SHA256 \n - DHE-RSA-AES256-GCM-SHA384 - \n minTLSVersion: VersionTLS12" - nullable: true - type: object - modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n minTLSVersion: VersionTLS13" - nullable: true - type: object - old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n - ECDHE-ECDSA-AES128-GCM-SHA256 \n - ECDHE-RSA-AES128-GCM-SHA256 - \n - ECDHE-ECDSA-AES256-GCM-SHA384 \n - ECDHE-RSA-AES256-GCM-SHA384 - \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - DHE-RSA-AES128-GCM-SHA256 \n - DHE-RSA-AES256-GCM-SHA384 - \n - DHE-RSA-CHACHA20-POLY1305 \n - ECDHE-ECDSA-AES128-SHA256 - \n - ECDHE-RSA-AES128-SHA256 \n - ECDHE-ECDSA-AES128-SHA \n - - ECDHE-RSA-AES128-SHA \n - ECDHE-ECDSA-AES256-SHA384 \n - ECDHE-RSA-AES256-SHA384 - \n - ECDHE-ECDSA-AES256-SHA \n - ECDHE-RSA-AES256-SHA \n - DHE-RSA-AES128-SHA256 - \n - DHE-RSA-AES256-SHA256 \n - AES128-GCM-SHA256 \n - AES256-GCM-SHA384 - \n - AES128-SHA256 \n - AES256-SHA256 \n - AES128-SHA \n - AES256-SHA - \n - DES-CBC3-SHA \n minTLSVersion: VersionTLS10" - nullable: true - type: object - type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found - to be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." - enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Hypershift.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Hypershift.yaml deleted file mode 100644 index b602c498b34..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-Hypershift.yaml +++ /dev/null @@ -1,552 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - name: authentications.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Authentication - listKind: AuthenticationList - plural: authentications - singular: authentication - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an - instance is `cluster`. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: - oc get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" - is used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcProviders: - description: "OIDCProviders are OIDC identity providers that can issue - tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". - \n At most one provider can be configured." - items: - properties: - claimMappings: - description: ClaimMappings describes rules on how to transform - information from an ID token into a cluster identity - properties: - groups: - description: Groups is a name of the claim that should be - used to construct groups for the cluster identity. The - referenced claim must use array of strings values. - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - description: "Prefix is a string to prefix the value - from the token in the result of the claim mapping. - \n By default, no prefixing occurs. \n Example: if - `prefix` is set to \"myoidc:\"\" and the `claim` in - JWT contains an array of strings \"a\", \"b\" and - \ \"c\", the mapping will result in an array of string - \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"." - type: string - required: - - claim - type: object - username: - description: "Username is a name of the claim that should - be used to construct usernames for the cluster identity. - \n Default value: \"sub\"" - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - properties: - prefixString: - minLength: 1 - type: string - required: - - prefixString - type: object - prefixPolicy: - description: "PrefixPolicy specifies how a prefix should - apply. \n By default, claims other than `email` will - be prefixed with the issuer URL to prevent naming - clashes with other plugins. \n Set to \"NoPrefix\" - to disable prefixing. \n Example: (1) `prefix` is - set to \"myoidc:\" and `claim` is set to \"username\". - If the JWT claim `username` contains value `userA`, - the resulting mapped value will be \"myoidc:userA\". - (2) `prefix` is set to \"myoidc:\" and `claim` is - set to \"email\". If the JWT `email` claim contains - value \"userA@myoidc.tld\", the resulting mapped value - will be \"myoidc:userA@myoidc.tld\". (3) `prefix` - is unset, `issuerURL` is set to `https://myoidc.tld`, - the JWT claims include \"username\":\"userA\" and - \"email\":\"userA@myoidc.tld\", and `claim` is set - to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" - (b) \"email\": the mapped value will be \"userA@myoidc.tld\"" - enum: - - "" - - NoPrefix - - Prefix - type: string - required: - - claim - type: object - x-kubernetes-validations: - - message: prefix must be set if prefixPolicy is 'Prefix', - but must remain unset otherwise - rule: 'has(self.prefixPolicy) && self.prefixPolicy == - ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) - > 0) : !has(self.prefix)' - type: object - claimValidationRules: - description: ClaimValidationRules are rules that are applied - to validate token claims to authenticate users. - items: - properties: - requiredClaim: - description: RequiredClaim allows configuring a required - claim name and its expected value - properties: - claim: - description: Claim is a name of a required claim. - Only claims with string values are supported. - minLength: 1 - type: string - requiredValue: - description: RequiredValue is the required value for - the claim. - minLength: 1 - type: string - required: - - claim - - requiredValue - type: object - type: - default: RequiredClaim - description: Type sets the type of the validation rule - enum: - - RequiredClaim - type: string - type: object - type: array - x-kubernetes-list-type: atomic - issuer: - description: Issuer describes atributes of the OIDC token issuer - properties: - audiences: - description: Audiences is an array of audiences that the - token was issued for. Valid tokens must include at least - one of these values in their "aud" claim. Must be set - to exactly one value. - items: - minLength: 1 - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: set - issuerCertificateAuthority: - description: CertificateAuthority is a reference to a config - map in the configuration namespace. The .data of the configMap - must contain the "ca-bundle.crt" key. If unset, system - trust is used instead. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - required: - - audiences - - issuerURL - type: object - name: - description: Name of the OIDC provider - minLength: 1 - type: string - oidcClients: - description: OIDCClients contains configuration for the platform's - clients that need to request tokens from the issuer - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - clientSecret: - description: ClientSecret refers to a secret in the `openshift-config` - namespace that contains the client secret in the `clientSecret` - key of the `.data` field - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - componentName: - description: ComponentName is the name of the component - that is supposed to consume this client configuration - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the - component that is supposed to consume this client configuration - maxLength: 63 - minLength: 1 - type: string - extraScopes: - description: ExtraScopes is an optional set of scopes - to request tokens with. - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - clientID - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - required: - - issuer - - name - type: object - maxItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceAccountIssuer: - description: 'serviceAccountIssuer is the identifier of the bound - service account token issuer. The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation - of all bound tokens with the previous issuer value. Instead, the - tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set - to 24h). This time period is subject to change over time. This allows - internal components to transition to use new service account issuer - without service distruption.' - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - enum: - - "" - - None - - IntegratedOAuth - - OIDC - type: string - webhookTokenAuthenticator: - description: "webhookTokenAuthenticator configures a remote token - reviewer. These remote authentication webhooks can be used to verify - bearer tokens via the tokenreviews.authentication.k8s.io REST API. - This is required to honor bearer tokens that are provisioned by - an external authentication service. \n Can only be set if \"Type\" - is set to \"None\"." - properties: - kubeConfig: - description: "kubeConfig references a secret that contains kube - config file data which describes how to access the remote webhook - service. The namespace for the referenced secret is openshift-config. - \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - \n The key \"kubeConfig\" is used to locate the data. If the - secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored." - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting it - has no effect. - items: - description: deprecatedWebhookTokenAuthenticator holds the necessary - configuration options for a remote token authenticator. It's the - same as WebhookTokenAuthenticator but it's missing the 'required' - validation on KubeConfig field. - properties: - kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored. The namespace for this secret is determined - by the point of use.' - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. - This field has no meaning if authentication spec.type is not set - to IntegratedOAuth. The key "oauthMetadata" is used to locate the - data. If the config map or expected key is not found, no metadata - is served. If the specified metadata is not valid, no metadata is - served. The namespace for this config map is openshift-config-managed.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcClients: - description: OIDCClients is where participating operators place the - current OIDC client status for OIDC clients that can be customized - by the cluster-admin. - items: - properties: - componentName: - description: ComponentName is the name of the component that - will consume a client configuration. - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the component - that will consume a client configuration. - maxLength: 63 - minLength: 1 - type: string - conditions: - description: "Conditions are used to communicate the state of - the `oidcClients` entry. \n Supported conditions include Available, - Degraded and Progressing. \n If Available is true, the component - is successfully using the configured client. If Degraded is - true, that means something has gone wrong trying to handle - the client configuration. If Progressing is true, that means - the component is taking some action related to the `oidcClients` - entry." - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - consumingUsers: - description: ConsumingUsers is a slice of ServiceAccounts that - need to have read permission on the `clientSecret` secret. - items: - description: ConsumingUser is an alias for string which we - add validation to. Currently only service accounts are supported. - maxLength: 512 - minLength: 1 - pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - maxItems: 5 - type: array - x-kubernetes-list-type: set - currentOIDCClients: - description: CurrentOIDCClients is a list of clients that the - component is currently using. - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - oidcProviderName: - description: OIDCName refers to the `name` of the provider - from `oidcProviders` - minLength: 1 - type: string - required: - - clientID - - issuerURL - - oidcProviderName - type: object - type: array - x-kubernetes-list-map-keys: - - issuerURL - - clientID - x-kubernetes-list-type: map - required: - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - x-kubernetes-validations: - - message: all oidcClients in the oidcProviders must match their componentName - and componentNamespace to either a previously configured oidcClient or - they must exist in the status.oidcClients - rule: '!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) - || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace - == specC.componentNamespace && statusC.componentName == specC.componentName) - || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, - oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, - oldC.componentNamespace == specC.componentNamespace && oldC.componentName - == specC.componentName)))))' - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SelfManagedHA-CustomNoUpgrade.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SelfManagedHA-CustomNoUpgrade.yaml deleted file mode 100644 index 796371ee567..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SelfManagedHA-CustomNoUpgrade.yaml +++ /dev/null @@ -1,553 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/self-managed-high-availability: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: authentications.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Authentication - listKind: AuthenticationList - plural: authentications - singular: authentication - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an - instance is `cluster`. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: - oc get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" - is used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcProviders: - description: "OIDCProviders are OIDC identity providers that can issue - tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". - \n At most one provider can be configured." - items: - properties: - claimMappings: - description: ClaimMappings describes rules on how to transform - information from an ID token into a cluster identity - properties: - groups: - description: Groups is a name of the claim that should be - used to construct groups for the cluster identity. The - referenced claim must use array of strings values. - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - description: "Prefix is a string to prefix the value - from the token in the result of the claim mapping. - \n By default, no prefixing occurs. \n Example: if - `prefix` is set to \"myoidc:\"\" and the `claim` in - JWT contains an array of strings \"a\", \"b\" and - \ \"c\", the mapping will result in an array of string - \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"." - type: string - required: - - claim - type: object - username: - description: "Username is a name of the claim that should - be used to construct usernames for the cluster identity. - \n Default value: \"sub\"" - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - properties: - prefixString: - minLength: 1 - type: string - required: - - prefixString - type: object - prefixPolicy: - description: "PrefixPolicy specifies how a prefix should - apply. \n By default, claims other than `email` will - be prefixed with the issuer URL to prevent naming - clashes with other plugins. \n Set to \"NoPrefix\" - to disable prefixing. \n Example: (1) `prefix` is - set to \"myoidc:\" and `claim` is set to \"username\". - If the JWT claim `username` contains value `userA`, - the resulting mapped value will be \"myoidc:userA\". - (2) `prefix` is set to \"myoidc:\" and `claim` is - set to \"email\". If the JWT `email` claim contains - value \"userA@myoidc.tld\", the resulting mapped value - will be \"myoidc:userA@myoidc.tld\". (3) `prefix` - is unset, `issuerURL` is set to `https://myoidc.tld`, - the JWT claims include \"username\":\"userA\" and - \"email\":\"userA@myoidc.tld\", and `claim` is set - to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" - (b) \"email\": the mapped value will be \"userA@myoidc.tld\"" - enum: - - "" - - NoPrefix - - Prefix - type: string - required: - - claim - type: object - x-kubernetes-validations: - - message: prefix must be set if prefixPolicy is 'Prefix', - but must remain unset otherwise - rule: 'has(self.prefixPolicy) && self.prefixPolicy == - ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) - > 0) : !has(self.prefix)' - type: object - claimValidationRules: - description: ClaimValidationRules are rules that are applied - to validate token claims to authenticate users. - items: - properties: - requiredClaim: - description: RequiredClaim allows configuring a required - claim name and its expected value - properties: - claim: - description: Claim is a name of a required claim. - Only claims with string values are supported. - minLength: 1 - type: string - requiredValue: - description: RequiredValue is the required value for - the claim. - minLength: 1 - type: string - required: - - claim - - requiredValue - type: object - type: - default: RequiredClaim - description: Type sets the type of the validation rule - enum: - - RequiredClaim - type: string - type: object - type: array - x-kubernetes-list-type: atomic - issuer: - description: Issuer describes atributes of the OIDC token issuer - properties: - audiences: - description: Audiences is an array of audiences that the - token was issued for. Valid tokens must include at least - one of these values in their "aud" claim. Must be set - to exactly one value. - items: - minLength: 1 - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: set - issuerCertificateAuthority: - description: CertificateAuthority is a reference to a config - map in the configuration namespace. The .data of the configMap - must contain the "ca-bundle.crt" key. If unset, system - trust is used instead. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - required: - - audiences - - issuerURL - type: object - name: - description: Name of the OIDC provider - minLength: 1 - type: string - oidcClients: - description: OIDCClients contains configuration for the platform's - clients that need to request tokens from the issuer - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - clientSecret: - description: ClientSecret refers to a secret in the `openshift-config` - namespace that contains the client secret in the `clientSecret` - key of the `.data` field - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - componentName: - description: ComponentName is the name of the component - that is supposed to consume this client configuration - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the - component that is supposed to consume this client configuration - maxLength: 63 - minLength: 1 - type: string - extraScopes: - description: ExtraScopes is an optional set of scopes - to request tokens with. - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - clientID - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - required: - - issuer - - name - type: object - maxItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceAccountIssuer: - description: 'serviceAccountIssuer is the identifier of the bound - service account token issuer. The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation - of all bound tokens with the previous issuer value. Instead, the - tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set - to 24h). This time period is subject to change over time. This allows - internal components to transition to use new service account issuer - without service distruption.' - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - enum: - - "" - - None - - IntegratedOAuth - - OIDC - type: string - webhookTokenAuthenticator: - description: "webhookTokenAuthenticator configures a remote token - reviewer. These remote authentication webhooks can be used to verify - bearer tokens via the tokenreviews.authentication.k8s.io REST API. - This is required to honor bearer tokens that are provisioned by - an external authentication service. \n Can only be set if \"Type\" - is set to \"None\"." - properties: - kubeConfig: - description: "kubeConfig references a secret that contains kube - config file data which describes how to access the remote webhook - service. The namespace for the referenced secret is openshift-config. - \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - \n The key \"kubeConfig\" is used to locate the data. If the - secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored." - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting it - has no effect. - items: - description: deprecatedWebhookTokenAuthenticator holds the necessary - configuration options for a remote token authenticator. It's the - same as WebhookTokenAuthenticator but it's missing the 'required' - validation on KubeConfig field. - properties: - kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored. The namespace for this secret is determined - by the point of use.' - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. - This field has no meaning if authentication spec.type is not set - to IntegratedOAuth. The key "oauthMetadata" is used to locate the - data. If the config map or expected key is not found, no metadata - is served. If the specified metadata is not valid, no metadata is - served. The namespace for this config map is openshift-config-managed.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcClients: - description: OIDCClients is where participating operators place the - current OIDC client status for OIDC clients that can be customized - by the cluster-admin. - items: - properties: - componentName: - description: ComponentName is the name of the component that - will consume a client configuration. - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the component - that will consume a client configuration. - maxLength: 63 - minLength: 1 - type: string - conditions: - description: "Conditions are used to communicate the state of - the `oidcClients` entry. \n Supported conditions include Available, - Degraded and Progressing. \n If Available is true, the component - is successfully using the configured client. If Degraded is - true, that means something has gone wrong trying to handle - the client configuration. If Progressing is true, that means - the component is taking some action related to the `oidcClients` - entry." - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - consumingUsers: - description: ConsumingUsers is a slice of ServiceAccounts that - need to have read permission on the `clientSecret` secret. - items: - description: ConsumingUser is an alias for string which we - add validation to. Currently only service accounts are supported. - maxLength: 512 - minLength: 1 - pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - maxItems: 5 - type: array - x-kubernetes-list-type: set - currentOIDCClients: - description: CurrentOIDCClients is a list of clients that the - component is currently using. - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - oidcProviderName: - description: OIDCName refers to the `name` of the provider - from `oidcProviders` - minLength: 1 - type: string - required: - - clientID - - issuerURL - - oidcProviderName - type: object - type: array - x-kubernetes-list-map-keys: - - issuerURL - - clientID - x-kubernetes-list-type: map - required: - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - x-kubernetes-validations: - - message: all oidcClients in the oidcProviders must match their componentName - and componentNamespace to either a previously configured oidcClient or - they must exist in the status.oidcClients - rule: '!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) - || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace - == specC.componentNamespace && statusC.componentName == specC.componentName) - || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, - oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, - oldC.componentNamespace == specC.componentNamespace && oldC.componentName - == specC.componentName)))))' - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SelfManagedHA-Default.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SelfManagedHA-Default.yaml deleted file mode 100644 index 8439a5120a0..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SelfManagedHA-Default.yaml +++ /dev/null @@ -1,171 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/self-managed-high-availability: "true" - release.openshift.io/feature-set: Default - name: authentications.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Authentication - listKind: AuthenticationList - plural: authentications - singular: authentication - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an - instance is `cluster`. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: - oc get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" - is used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - serviceAccountIssuer: - description: 'serviceAccountIssuer is the identifier of the bound - service account token issuer. The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation - of all bound tokens with the previous issuer value. Instead, the - tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set - to 24h). This time period is subject to change over time. This allows - internal components to transition to use new service account issuer - without service distruption.' - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - enum: - - "" - - None - - IntegratedOAuth - type: string - webhookTokenAuthenticator: - description: "webhookTokenAuthenticator configures a remote token - reviewer. These remote authentication webhooks can be used to verify - bearer tokens via the tokenreviews.authentication.k8s.io REST API. - This is required to honor bearer tokens that are provisioned by - an external authentication service. \n Can only be set if \"Type\" - is set to \"None\"." - properties: - kubeConfig: - description: "kubeConfig references a secret that contains kube - config file data which describes how to access the remote webhook - service. The namespace for the referenced secret is openshift-config. - \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - \n The key \"kubeConfig\" is used to locate the data. If the - secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored." - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting it - has no effect. - items: - description: deprecatedWebhookTokenAuthenticator holds the necessary - configuration options for a remote token authenticator. It's the - same as WebhookTokenAuthenticator but it's missing the 'required' - validation on KubeConfig field. - properties: - kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored. The namespace for this secret is determined - by the point of use.' - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. - This field has no meaning if authentication spec.type is not set - to IntegratedOAuth. The key "oauthMetadata" is used to locate the - data. If the config map or expected key is not found, no metadata - is served. If the specified metadata is not valid, no metadata is - served. The namespace for this config map is openshift-config-managed.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SelfManagedHA-TechPreviewNoUpgrade.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SelfManagedHA-TechPreviewNoUpgrade.yaml deleted file mode 100644 index 7911fefb761..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SelfManagedHA-TechPreviewNoUpgrade.yaml +++ /dev/null @@ -1,553 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/self-managed-high-availability: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: authentications.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Authentication - listKind: AuthenticationList - plural: authentications - singular: authentication - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an - instance is `cluster`. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: - oc get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" - is used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcProviders: - description: "OIDCProviders are OIDC identity providers that can issue - tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". - \n At most one provider can be configured." - items: - properties: - claimMappings: - description: ClaimMappings describes rules on how to transform - information from an ID token into a cluster identity - properties: - groups: - description: Groups is a name of the claim that should be - used to construct groups for the cluster identity. The - referenced claim must use array of strings values. - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - description: "Prefix is a string to prefix the value - from the token in the result of the claim mapping. - \n By default, no prefixing occurs. \n Example: if - `prefix` is set to \"myoidc:\"\" and the `claim` in - JWT contains an array of strings \"a\", \"b\" and - \ \"c\", the mapping will result in an array of string - \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"." - type: string - required: - - claim - type: object - username: - description: "Username is a name of the claim that should - be used to construct usernames for the cluster identity. - \n Default value: \"sub\"" - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - properties: - prefixString: - minLength: 1 - type: string - required: - - prefixString - type: object - prefixPolicy: - description: "PrefixPolicy specifies how a prefix should - apply. \n By default, claims other than `email` will - be prefixed with the issuer URL to prevent naming - clashes with other plugins. \n Set to \"NoPrefix\" - to disable prefixing. \n Example: (1) `prefix` is - set to \"myoidc:\" and `claim` is set to \"username\". - If the JWT claim `username` contains value `userA`, - the resulting mapped value will be \"myoidc:userA\". - (2) `prefix` is set to \"myoidc:\" and `claim` is - set to \"email\". If the JWT `email` claim contains - value \"userA@myoidc.tld\", the resulting mapped value - will be \"myoidc:userA@myoidc.tld\". (3) `prefix` - is unset, `issuerURL` is set to `https://myoidc.tld`, - the JWT claims include \"username\":\"userA\" and - \"email\":\"userA@myoidc.tld\", and `claim` is set - to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" - (b) \"email\": the mapped value will be \"userA@myoidc.tld\"" - enum: - - "" - - NoPrefix - - Prefix - type: string - required: - - claim - type: object - x-kubernetes-validations: - - message: prefix must be set if prefixPolicy is 'Prefix', - but must remain unset otherwise - rule: 'has(self.prefixPolicy) && self.prefixPolicy == - ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) - > 0) : !has(self.prefix)' - type: object - claimValidationRules: - description: ClaimValidationRules are rules that are applied - to validate token claims to authenticate users. - items: - properties: - requiredClaim: - description: RequiredClaim allows configuring a required - claim name and its expected value - properties: - claim: - description: Claim is a name of a required claim. - Only claims with string values are supported. - minLength: 1 - type: string - requiredValue: - description: RequiredValue is the required value for - the claim. - minLength: 1 - type: string - required: - - claim - - requiredValue - type: object - type: - default: RequiredClaim - description: Type sets the type of the validation rule - enum: - - RequiredClaim - type: string - type: object - type: array - x-kubernetes-list-type: atomic - issuer: - description: Issuer describes atributes of the OIDC token issuer - properties: - audiences: - description: Audiences is an array of audiences that the - token was issued for. Valid tokens must include at least - one of these values in their "aud" claim. Must be set - to exactly one value. - items: - minLength: 1 - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: set - issuerCertificateAuthority: - description: CertificateAuthority is a reference to a config - map in the configuration namespace. The .data of the configMap - must contain the "ca-bundle.crt" key. If unset, system - trust is used instead. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - required: - - audiences - - issuerURL - type: object - name: - description: Name of the OIDC provider - minLength: 1 - type: string - oidcClients: - description: OIDCClients contains configuration for the platform's - clients that need to request tokens from the issuer - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - clientSecret: - description: ClientSecret refers to a secret in the `openshift-config` - namespace that contains the client secret in the `clientSecret` - key of the `.data` field - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - componentName: - description: ComponentName is the name of the component - that is supposed to consume this client configuration - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the - component that is supposed to consume this client configuration - maxLength: 63 - minLength: 1 - type: string - extraScopes: - description: ExtraScopes is an optional set of scopes - to request tokens with. - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - clientID - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - required: - - issuer - - name - type: object - maxItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceAccountIssuer: - description: 'serviceAccountIssuer is the identifier of the bound - service account token issuer. The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation - of all bound tokens with the previous issuer value. Instead, the - tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set - to 24h). This time period is subject to change over time. This allows - internal components to transition to use new service account issuer - without service distruption.' - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - enum: - - "" - - None - - IntegratedOAuth - - OIDC - type: string - webhookTokenAuthenticator: - description: "webhookTokenAuthenticator configures a remote token - reviewer. These remote authentication webhooks can be used to verify - bearer tokens via the tokenreviews.authentication.k8s.io REST API. - This is required to honor bearer tokens that are provisioned by - an external authentication service. \n Can only be set if \"Type\" - is set to \"None\"." - properties: - kubeConfig: - description: "kubeConfig references a secret that contains kube - config file data which describes how to access the remote webhook - service. The namespace for the referenced secret is openshift-config. - \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - \n The key \"kubeConfig\" is used to locate the data. If the - secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored." - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting it - has no effect. - items: - description: deprecatedWebhookTokenAuthenticator holds the necessary - configuration options for a remote token authenticator. It's the - same as WebhookTokenAuthenticator but it's missing the 'required' - validation on KubeConfig field. - properties: - kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored. The namespace for this secret is determined - by the point of use.' - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. - This field has no meaning if authentication spec.type is not set - to IntegratedOAuth. The key "oauthMetadata" is used to locate the - data. If the config map or expected key is not found, no metadata - is served. If the specified metadata is not valid, no metadata is - served. The namespace for this config map is openshift-config-managed.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcClients: - description: OIDCClients is where participating operators place the - current OIDC client status for OIDC clients that can be customized - by the cluster-admin. - items: - properties: - componentName: - description: ComponentName is the name of the component that - will consume a client configuration. - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the component - that will consume a client configuration. - maxLength: 63 - minLength: 1 - type: string - conditions: - description: "Conditions are used to communicate the state of - the `oidcClients` entry. \n Supported conditions include Available, - Degraded and Progressing. \n If Available is true, the component - is successfully using the configured client. If Degraded is - true, that means something has gone wrong trying to handle - the client configuration. If Progressing is true, that means - the component is taking some action related to the `oidcClients` - entry." - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - consumingUsers: - description: ConsumingUsers is a slice of ServiceAccounts that - need to have read permission on the `clientSecret` secret. - items: - description: ConsumingUser is an alias for string which we - add validation to. Currently only service accounts are supported. - maxLength: 512 - minLength: 1 - pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - maxItems: 5 - type: array - x-kubernetes-list-type: set - currentOIDCClients: - description: CurrentOIDCClients is a list of clients that the - component is currently using. - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - oidcProviderName: - description: OIDCName refers to the `name` of the provider - from `oidcProviders` - minLength: 1 - type: string - required: - - clientID - - issuerURL - - oidcProviderName - type: object - type: array - x-kubernetes-list-map-keys: - - issuerURL - - clientID - x-kubernetes-list-type: map - required: - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - x-kubernetes-validations: - - message: all oidcClients in the oidcProviders must match their componentName - and componentNamespace to either a previously configured oidcClient or - they must exist in the status.oidcClients - rule: '!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) - || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace - == specC.componentNamespace && statusC.componentName == specC.componentName) - || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, - oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, - oldC.componentNamespace == specC.componentNamespace && oldC.componentName - == specC.componentName)))))' - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SingleNode-CustomNoUpgrade.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SingleNode-CustomNoUpgrade.yaml deleted file mode 100644 index bfaf81b8241..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SingleNode-CustomNoUpgrade.yaml +++ /dev/null @@ -1,553 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: authentications.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Authentication - listKind: AuthenticationList - plural: authentications - singular: authentication - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an - instance is `cluster`. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: - oc get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" - is used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcProviders: - description: "OIDCProviders are OIDC identity providers that can issue - tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". - \n At most one provider can be configured." - items: - properties: - claimMappings: - description: ClaimMappings describes rules on how to transform - information from an ID token into a cluster identity - properties: - groups: - description: Groups is a name of the claim that should be - used to construct groups for the cluster identity. The - referenced claim must use array of strings values. - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - description: "Prefix is a string to prefix the value - from the token in the result of the claim mapping. - \n By default, no prefixing occurs. \n Example: if - `prefix` is set to \"myoidc:\"\" and the `claim` in - JWT contains an array of strings \"a\", \"b\" and - \ \"c\", the mapping will result in an array of string - \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"." - type: string - required: - - claim - type: object - username: - description: "Username is a name of the claim that should - be used to construct usernames for the cluster identity. - \n Default value: \"sub\"" - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - properties: - prefixString: - minLength: 1 - type: string - required: - - prefixString - type: object - prefixPolicy: - description: "PrefixPolicy specifies how a prefix should - apply. \n By default, claims other than `email` will - be prefixed with the issuer URL to prevent naming - clashes with other plugins. \n Set to \"NoPrefix\" - to disable prefixing. \n Example: (1) `prefix` is - set to \"myoidc:\" and `claim` is set to \"username\". - If the JWT claim `username` contains value `userA`, - the resulting mapped value will be \"myoidc:userA\". - (2) `prefix` is set to \"myoidc:\" and `claim` is - set to \"email\". If the JWT `email` claim contains - value \"userA@myoidc.tld\", the resulting mapped value - will be \"myoidc:userA@myoidc.tld\". (3) `prefix` - is unset, `issuerURL` is set to `https://myoidc.tld`, - the JWT claims include \"username\":\"userA\" and - \"email\":\"userA@myoidc.tld\", and `claim` is set - to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" - (b) \"email\": the mapped value will be \"userA@myoidc.tld\"" - enum: - - "" - - NoPrefix - - Prefix - type: string - required: - - claim - type: object - x-kubernetes-validations: - - message: prefix must be set if prefixPolicy is 'Prefix', - but must remain unset otherwise - rule: 'has(self.prefixPolicy) && self.prefixPolicy == - ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) - > 0) : !has(self.prefix)' - type: object - claimValidationRules: - description: ClaimValidationRules are rules that are applied - to validate token claims to authenticate users. - items: - properties: - requiredClaim: - description: RequiredClaim allows configuring a required - claim name and its expected value - properties: - claim: - description: Claim is a name of a required claim. - Only claims with string values are supported. - minLength: 1 - type: string - requiredValue: - description: RequiredValue is the required value for - the claim. - minLength: 1 - type: string - required: - - claim - - requiredValue - type: object - type: - default: RequiredClaim - description: Type sets the type of the validation rule - enum: - - RequiredClaim - type: string - type: object - type: array - x-kubernetes-list-type: atomic - issuer: - description: Issuer describes atributes of the OIDC token issuer - properties: - audiences: - description: Audiences is an array of audiences that the - token was issued for. Valid tokens must include at least - one of these values in their "aud" claim. Must be set - to exactly one value. - items: - minLength: 1 - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: set - issuerCertificateAuthority: - description: CertificateAuthority is a reference to a config - map in the configuration namespace. The .data of the configMap - must contain the "ca-bundle.crt" key. If unset, system - trust is used instead. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - required: - - audiences - - issuerURL - type: object - name: - description: Name of the OIDC provider - minLength: 1 - type: string - oidcClients: - description: OIDCClients contains configuration for the platform's - clients that need to request tokens from the issuer - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - clientSecret: - description: ClientSecret refers to a secret in the `openshift-config` - namespace that contains the client secret in the `clientSecret` - key of the `.data` field - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - componentName: - description: ComponentName is the name of the component - that is supposed to consume this client configuration - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the - component that is supposed to consume this client configuration - maxLength: 63 - minLength: 1 - type: string - extraScopes: - description: ExtraScopes is an optional set of scopes - to request tokens with. - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - clientID - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - required: - - issuer - - name - type: object - maxItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceAccountIssuer: - description: 'serviceAccountIssuer is the identifier of the bound - service account token issuer. The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation - of all bound tokens with the previous issuer value. Instead, the - tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set - to 24h). This time period is subject to change over time. This allows - internal components to transition to use new service account issuer - without service distruption.' - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - enum: - - "" - - None - - IntegratedOAuth - - OIDC - type: string - webhookTokenAuthenticator: - description: "webhookTokenAuthenticator configures a remote token - reviewer. These remote authentication webhooks can be used to verify - bearer tokens via the tokenreviews.authentication.k8s.io REST API. - This is required to honor bearer tokens that are provisioned by - an external authentication service. \n Can only be set if \"Type\" - is set to \"None\"." - properties: - kubeConfig: - description: "kubeConfig references a secret that contains kube - config file data which describes how to access the remote webhook - service. The namespace for the referenced secret is openshift-config. - \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - \n The key \"kubeConfig\" is used to locate the data. If the - secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored." - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting it - has no effect. - items: - description: deprecatedWebhookTokenAuthenticator holds the necessary - configuration options for a remote token authenticator. It's the - same as WebhookTokenAuthenticator but it's missing the 'required' - validation on KubeConfig field. - properties: - kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored. The namespace for this secret is determined - by the point of use.' - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. - This field has no meaning if authentication spec.type is not set - to IntegratedOAuth. The key "oauthMetadata" is used to locate the - data. If the config map or expected key is not found, no metadata - is served. If the specified metadata is not valid, no metadata is - served. The namespace for this config map is openshift-config-managed.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcClients: - description: OIDCClients is where participating operators place the - current OIDC client status for OIDC clients that can be customized - by the cluster-admin. - items: - properties: - componentName: - description: ComponentName is the name of the component that - will consume a client configuration. - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the component - that will consume a client configuration. - maxLength: 63 - minLength: 1 - type: string - conditions: - description: "Conditions are used to communicate the state of - the `oidcClients` entry. \n Supported conditions include Available, - Degraded and Progressing. \n If Available is true, the component - is successfully using the configured client. If Degraded is - true, that means something has gone wrong trying to handle - the client configuration. If Progressing is true, that means - the component is taking some action related to the `oidcClients` - entry." - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - consumingUsers: - description: ConsumingUsers is a slice of ServiceAccounts that - need to have read permission on the `clientSecret` secret. - items: - description: ConsumingUser is an alias for string which we - add validation to. Currently only service accounts are supported. - maxLength: 512 - minLength: 1 - pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - maxItems: 5 - type: array - x-kubernetes-list-type: set - currentOIDCClients: - description: CurrentOIDCClients is a list of clients that the - component is currently using. - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - oidcProviderName: - description: OIDCName refers to the `name` of the provider - from `oidcProviders` - minLength: 1 - type: string - required: - - clientID - - issuerURL - - oidcProviderName - type: object - type: array - x-kubernetes-list-map-keys: - - issuerURL - - clientID - x-kubernetes-list-type: map - required: - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - x-kubernetes-validations: - - message: all oidcClients in the oidcProviders must match their componentName - and componentNamespace to either a previously configured oidcClient or - they must exist in the status.oidcClients - rule: '!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) - || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace - == specC.componentNamespace && statusC.componentName == specC.componentName) - || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, - oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, - oldC.componentNamespace == specC.componentNamespace && oldC.componentName - == specC.componentName)))))' - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SingleNode-Default.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SingleNode-Default.yaml deleted file mode 100644 index ffcf1d56ee1..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SingleNode-Default.yaml +++ /dev/null @@ -1,171 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - name: authentications.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Authentication - listKind: AuthenticationList - plural: authentications - singular: authentication - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an - instance is `cluster`. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: - oc get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" - is used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - serviceAccountIssuer: - description: 'serviceAccountIssuer is the identifier of the bound - service account token issuer. The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation - of all bound tokens with the previous issuer value. Instead, the - tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set - to 24h). This time period is subject to change over time. This allows - internal components to transition to use new service account issuer - without service distruption.' - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - enum: - - "" - - None - - IntegratedOAuth - type: string - webhookTokenAuthenticator: - description: "webhookTokenAuthenticator configures a remote token - reviewer. These remote authentication webhooks can be used to verify - bearer tokens via the tokenreviews.authentication.k8s.io REST API. - This is required to honor bearer tokens that are provisioned by - an external authentication service. \n Can only be set if \"Type\" - is set to \"None\"." - properties: - kubeConfig: - description: "kubeConfig references a secret that contains kube - config file data which describes how to access the remote webhook - service. The namespace for the referenced secret is openshift-config. - \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - \n The key \"kubeConfig\" is used to locate the data. If the - secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored." - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting it - has no effect. - items: - description: deprecatedWebhookTokenAuthenticator holds the necessary - configuration options for a remote token authenticator. It's the - same as WebhookTokenAuthenticator but it's missing the 'required' - validation on KubeConfig field. - properties: - kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored. The namespace for this secret is determined - by the point of use.' - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. - This field has no meaning if authentication spec.type is not set - to IntegratedOAuth. The key "oauthMetadata" is used to locate the - data. If the config map or expected key is not found, no metadata - is served. If the specified metadata is not valid, no metadata is - served. The namespace for this config map is openshift-config-managed.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SingleNode-TechPreviewNoUpgrade.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SingleNode-TechPreviewNoUpgrade.yaml deleted file mode 100644 index caf9f4faec2..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd-SingleNode-TechPreviewNoUpgrade.yaml +++ /dev/null @@ -1,553 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: authentications.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Authentication - listKind: AuthenticationList - plural: authentications - singular: authentication - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Authentication specifies cluster-wide settings for authentication - (like OAuth and webhook token authenticators). The canonical name of an - instance is `cluster`. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - oauthMetadata: - description: 'oauthMetadata contains the discovery endpoint data for - OAuth 2.0 Authorization Server Metadata for an external OAuth server. - This discovery document can be viewed from its served location: - oc get --raw ''/.well-known/oauth-authorization-server'' For further - details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - If oauthMetadata.name is non-empty, this value has precedence over - any metadata reference stored in status. The key "oauthMetadata" - is used to locate the data. If specified and the config map or expected - key is not found, no metadata is served. If the specified metadata - is not valid, no metadata is served. The namespace for this config - map is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcProviders: - description: "OIDCProviders are OIDC identity providers that can issue - tokens for this cluster Can only be set if \"Type\" is set to \"OIDC\". - \n At most one provider can be configured." - items: - properties: - claimMappings: - description: ClaimMappings describes rules on how to transform - information from an ID token into a cluster identity - properties: - groups: - description: Groups is a name of the claim that should be - used to construct groups for the cluster identity. The - referenced claim must use array of strings values. - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - description: "Prefix is a string to prefix the value - from the token in the result of the claim mapping. - \n By default, no prefixing occurs. \n Example: if - `prefix` is set to \"myoidc:\"\" and the `claim` in - JWT contains an array of strings \"a\", \"b\" and - \ \"c\", the mapping will result in an array of string - \"myoidc:a\", \"myoidc:b\" and \"myoidc:c\"." - type: string - required: - - claim - type: object - username: - description: "Username is a name of the claim that should - be used to construct usernames for the cluster identity. - \n Default value: \"sub\"" - properties: - claim: - description: Claim is a JWT token claim to be used in - the mapping - type: string - prefix: - properties: - prefixString: - minLength: 1 - type: string - required: - - prefixString - type: object - prefixPolicy: - description: "PrefixPolicy specifies how a prefix should - apply. \n By default, claims other than `email` will - be prefixed with the issuer URL to prevent naming - clashes with other plugins. \n Set to \"NoPrefix\" - to disable prefixing. \n Example: (1) `prefix` is - set to \"myoidc:\" and `claim` is set to \"username\". - If the JWT claim `username` contains value `userA`, - the resulting mapped value will be \"myoidc:userA\". - (2) `prefix` is set to \"myoidc:\" and `claim` is - set to \"email\". If the JWT `email` claim contains - value \"userA@myoidc.tld\", the resulting mapped value - will be \"myoidc:userA@myoidc.tld\". (3) `prefix` - is unset, `issuerURL` is set to `https://myoidc.tld`, - the JWT claims include \"username\":\"userA\" and - \"email\":\"userA@myoidc.tld\", and `claim` is set - to: (a) \"username\": the mapped value will be \"https://myoidc.tld#userA\" - (b) \"email\": the mapped value will be \"userA@myoidc.tld\"" - enum: - - "" - - NoPrefix - - Prefix - type: string - required: - - claim - type: object - x-kubernetes-validations: - - message: prefix must be set if prefixPolicy is 'Prefix', - but must remain unset otherwise - rule: 'has(self.prefixPolicy) && self.prefixPolicy == - ''Prefix'' ? (has(self.prefix) && size(self.prefix.prefixString) - > 0) : !has(self.prefix)' - type: object - claimValidationRules: - description: ClaimValidationRules are rules that are applied - to validate token claims to authenticate users. - items: - properties: - requiredClaim: - description: RequiredClaim allows configuring a required - claim name and its expected value - properties: - claim: - description: Claim is a name of a required claim. - Only claims with string values are supported. - minLength: 1 - type: string - requiredValue: - description: RequiredValue is the required value for - the claim. - minLength: 1 - type: string - required: - - claim - - requiredValue - type: object - type: - default: RequiredClaim - description: Type sets the type of the validation rule - enum: - - RequiredClaim - type: string - type: object - type: array - x-kubernetes-list-type: atomic - issuer: - description: Issuer describes atributes of the OIDC token issuer - properties: - audiences: - description: Audiences is an array of audiences that the - token was issued for. Valid tokens must include at least - one of these values in their "aud" claim. Must be set - to exactly one value. - items: - minLength: 1 - type: string - maxItems: 10 - minItems: 1 - type: array - x-kubernetes-list-type: set - issuerCertificateAuthority: - description: CertificateAuthority is a reference to a config - map in the configuration namespace. The .data of the configMap - must contain the "ca-bundle.crt" key. If unset, system - trust is used instead. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - required: - - audiences - - issuerURL - type: object - name: - description: Name of the OIDC provider - minLength: 1 - type: string - oidcClients: - description: OIDCClients contains configuration for the platform's - clients that need to request tokens from the issuer - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - clientSecret: - description: ClientSecret refers to a secret in the `openshift-config` - namespace that contains the client secret in the `clientSecret` - key of the `.data` field - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - componentName: - description: ComponentName is the name of the component - that is supposed to consume this client configuration - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the - component that is supposed to consume this client configuration - maxLength: 63 - minLength: 1 - type: string - extraScopes: - description: ExtraScopes is an optional set of scopes - to request tokens with. - items: - type: string - type: array - x-kubernetes-list-type: set - required: - - clientID - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - required: - - issuer - - name - type: object - maxItems: 1 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - serviceAccountIssuer: - description: 'serviceAccountIssuer is the identifier of the bound - service account token issuer. The default is https://kubernetes.default.svc - WARNING: Updating this field will not result in immediate invalidation - of all bound tokens with the previous issuer value. Instead, the - tokens issued by previous service account issuer will continue to - be trusted for a time period chosen by the platform (currently set - to 24h). This time period is subject to change over time. This allows - internal components to transition to use new service account issuer - without service distruption.' - type: string - type: - description: type identifies the cluster managed, user facing authentication - mode in use. Specifically, it manages the component that responds - to login attempts. The default is IntegratedOAuth. - enum: - - "" - - None - - IntegratedOAuth - - OIDC - type: string - webhookTokenAuthenticator: - description: "webhookTokenAuthenticator configures a remote token - reviewer. These remote authentication webhooks can be used to verify - bearer tokens via the tokenreviews.authentication.k8s.io REST API. - This is required to honor bearer tokens that are provisioned by - an external authentication service. \n Can only be set if \"Type\" - is set to \"None\"." - properties: - kubeConfig: - description: "kubeConfig references a secret that contains kube - config file data which describes how to access the remote webhook - service. The namespace for the referenced secret is openshift-config. - \n For further details, see: \n https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - \n The key \"kubeConfig\" is used to locate the data. If the - secret or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored." - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - required: - - kubeConfig - type: object - webhookTokenAuthenticators: - description: webhookTokenAuthenticators is DEPRECATED, setting it - has no effect. - items: - description: deprecatedWebhookTokenAuthenticator holds the necessary - configuration options for a remote token authenticator. It's the - same as WebhookTokenAuthenticator but it's missing the 'required' - validation on KubeConfig field. - properties: - kubeConfig: - description: 'kubeConfig contains kube config file data which - describes how to access the remote webhook service. For further - details, see: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#webhook-token-authentication - The key "kubeConfig" is used to locate the data. If the secret - or expected key is not found, the webhook is not honored. - If the specified kube config data is not valid, the webhook - is not honored. The namespace for this secret is determined - by the point of use.' - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - integratedOAuthMetadata: - description: 'integratedOAuthMetadata contains the discovery endpoint - data for OAuth 2.0 Authorization Server Metadata for the in-cluster - integrated OAuth server. This discovery document can be viewed from - its served location: oc get --raw ''/.well-known/oauth-authorization-server'' - For further details, see the IETF Draft: https://tools.ietf.org/html/draft-ietf-oauth-discovery-04#section-2 - This contains the observed value based on cluster state. An explicitly - set value in spec.oauthMetadata has precedence over this field. - This field has no meaning if authentication spec.type is not set - to IntegratedOAuth. The key "oauthMetadata" is used to locate the - data. If the config map or expected key is not found, no metadata - is served. If the specified metadata is not valid, no metadata is - served. The namespace for this config map is openshift-config-managed.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - oidcClients: - description: OIDCClients is where participating operators place the - current OIDC client status for OIDC clients that can be customized - by the cluster-admin. - items: - properties: - componentName: - description: ComponentName is the name of the component that - will consume a client configuration. - maxLength: 256 - minLength: 1 - type: string - componentNamespace: - description: ComponentNamespace is the namespace of the component - that will consume a client configuration. - maxLength: 63 - minLength: 1 - type: string - conditions: - description: "Conditions are used to communicate the state of - the `oidcClients` entry. \n Supported conditions include Available, - Degraded and Progressing. \n If Available is true, the component - is successfully using the configured client. If Degraded is - true, that means something has gone wrong trying to handle - the client configuration. If Progressing is true, that means - the component is taking some action related to the `oidcClients` - entry." - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - consumingUsers: - description: ConsumingUsers is a slice of ServiceAccounts that - need to have read permission on the `clientSecret` secret. - items: - description: ConsumingUser is an alias for string which we - add validation to. Currently only service accounts are supported. - maxLength: 512 - minLength: 1 - pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - maxItems: 5 - type: array - x-kubernetes-list-type: set - currentOIDCClients: - description: CurrentOIDCClients is a list of clients that the - component is currently using. - items: - properties: - clientID: - description: ClientID is the identifier of the OIDC client - from the OIDC provider - minLength: 1 - type: string - issuerURL: - description: URL is the serving URL of the token issuer. - Must use the https:// scheme. - pattern: ^https:\/\/[^\s] - type: string - oidcProviderName: - description: OIDCName refers to the `name` of the provider - from `oidcProviders` - minLength: 1 - type: string - required: - - clientID - - issuerURL - - oidcProviderName - type: object - type: array - x-kubernetes-list-map-keys: - - issuerURL - - clientID - x-kubernetes-list-type: map - required: - - componentName - - componentNamespace - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - componentNamespace - - componentName - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - x-kubernetes-validations: - - message: all oidcClients in the oidcProviders must match their componentName - and componentNamespace to either a previously configured oidcClient or - they must exist in the status.oidcClients - rule: '!has(self.spec.oidcProviders) || self.spec.oidcProviders.all(p, !has(p.oidcClients) - || p.oidcClients.all(specC, self.status.oidcClients.exists(statusC, statusC.componentNamespace - == specC.componentNamespace && statusC.componentName == specC.componentName) - || (has(oldSelf.spec.oidcProviders) && oldSelf.spec.oidcProviders.exists(oldP, - oldP.name == p.name && has(oldP.oidcClients) && oldP.oidcClients.exists(oldC, - oldC.componentNamespace == specC.componentNamespace && oldC.componentName - == specC.componentName)))))' - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml deleted file mode 100644 index 00b8d1b5f13..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml +++ /dev/null @@ -1,76 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: consoles.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Console - listKind: ConsoleList - plural: consoles - singular: console - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Console holds cluster-wide configuration for the web console, - including the logout URL, and reports the public URL of the console. The - canonical name is `cluster`. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - authentication: - description: ConsoleAuthentication defines a list of optional configuration - for console authentication. - properties: - logoutRedirect: - description: 'An optional, absolute URL to redirect web browsers - to after logging out of the console. If not specified, it will - redirect to the default login page. This is required when using - an identity provider that supports single sign-on (SSO) such - as: - OpenID (Keycloak, Azure) - RequestHeader (GSSAPI, SSPI, - SAML) - OAuth (GitHub, GitLab, Google) Logging out of the console - will destroy the user''s token. The logoutRedirect provides - the user the option to perform single logout (SLO) through the - identity provider to destroy their single sign-on session.' - pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))$ - type: string - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - consoleURL: - description: The URL for the console. This will be derived from the - host for the route that is created for the console. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml deleted file mode 100644 index f673fad87e2..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml +++ /dev/null @@ -1,159 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: dnses.config.openshift.io -spec: - group: config.openshift.io - names: - kind: DNS - listKind: DNSList - plural: dnses - singular: dns - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "DNS holds cluster-wide information about DNS. The canonical - name is `cluster` \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - baseDomain: - description: "baseDomain is the base domain of the cluster. All managed - DNS records will be sub-domains of this base. \n For example, given - the base domain `openshift.example.com`, an API server DNS record - may be created for `cluster-api.openshift.example.com`. \n Once - set, this field cannot be changed." - type: string - platform: - description: platform holds configuration specific to the underlying - infrastructure provider for DNS. When omitted, this means the user - has no opinion and the platform is left to choose reasonable defaults. - These defaults are subject to change over time. - properties: - aws: - description: aws contains DNS configuration specific to the Amazon - Web Services cloud provider. - properties: - privateZoneIAMRole: - description: privateZoneIAMRole contains the ARN of an IAM - role that should be assumed when performing operations on - the cluster's private hosted zone specified in the cluster - DNS config. When left empty, no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ - type: string - type: object - type: - description: "type is the underlying infrastructure provider for - the cluster. Allowed values: \"\", \"AWS\". \n Individual components - may not support all platforms, and must handle unrecognized - platforms with best-effort defaults." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - x-kubernetes-validations: - - message: allowed values are '' and 'AWS' - rule: self in ['','AWS'] - required: - - type - type: object - x-kubernetes-validations: - - message: aws configuration is required when platform is AWS, and - forbidden otherwise - rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) : - !has(self.aws)' - privateZone: - description: "privateZone is the location where all the DNS records - that are only available internally to the cluster exist. \n If this - field is nil, no private records should be created. \n Once set, - this field cannot be changed." - properties: - id: - description: "id is the identifier that can be used to find the - DNS hosted zone. \n on AWS zone can be fetched using `ID` as - id in [1] on Azure zone can be fetched using `ID` as a pre-determined - name in [2], on GCP zone can be fetched using `ID` as a pre-determined - name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: - type: string - description: "tags can be used to query the DNS hosted zone. \n - on AWS, resourcegroupstaggingapi [1] can be used to fetch a - zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - publicZone: - description: "publicZone is the location where all the DNS records - that are publicly accessible to the internet exist. \n If this field - is nil, no public records should be created. \n Once set, this field - cannot be changed." - properties: - id: - description: "id is the identifier that can be used to find the - DNS hosted zone. \n on AWS zone can be fetched using `ID` as - id in [1] on Azure zone can be fetched using `ID` as a pre-determined - name in [2], on GCP zone can be fetched using `ID` as a pre-determined - name in [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: - type: string - description: "tags can be used to query the DNS hosted zone. \n - on AWS, resourcegroupstaggingapi [1] can be used to fetch a - zone using `Tags` as tag-filters, \n [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml deleted file mode 100644 index 27d0287ddc8..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml +++ /dev/null @@ -1,214 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: featuregates.config.openshift.io -spec: - group: config.openshift.io - names: - kind: FeatureGate - listKind: FeatureGateList - plural: featuregates - singular: featuregate - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Feature holds cluster-wide information about feature gates. - \ The canonical name is `cluster` \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - customNoUpgrade: - description: customNoUpgrade allows the enabling or disabling of any - feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE - UNDONE, and PREVENTS UPGRADES. Because of its nature, this setting - cannot be validated. If you have any typos or accidentally apply - invalid combinations your cluster may fail in an unrecoverable way. featureSet - must equal "CustomNoUpgrade" must be set to use this field. - nullable: true - properties: - disabled: - description: disabled is a list of all feature gates that you - want to force off - items: - description: FeatureGateName is a string to enforce patterns - on the name of a FeatureGate - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - type: array - enabled: - description: enabled is a list of all feature gates that you want - to force on - items: - description: FeatureGateName is a string to enforce patterns - on the name of a FeatureGate - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - type: array - type: object - featureSet: - description: featureSet changes the list of features in the cluster. The - default is empty. Be very careful adjusting this setting. Turning - on or off features may cause irreversible changes in your cluster - which cannot be undone. - type: string - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - conditions: - description: 'conditions represent the observations of the current - state. Known .status.conditions.type are: "DeterminationDegraded"' - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - featureGates: - description: featureGates contains a list of enabled and disabled - featureGates that are keyed by payloadVersion. Operators other than - the CVO and cluster-config-operator, must read the .status.featureGates, - locate the version they are managing, find the enabled/disabled - featuregates and make the operand and operator match. The enabled/disabled - values for a particular version may change during the life of the - cluster as various .spec.featureSet values are selected. Operators - may choose to restart their processes to pick up these changes, - but remembering past enable/disable lists is beyond the scope of - this API and is the responsibility of individual operators. Only - featureGates with .version in the ClusterVersion.status will be - present in this list. - items: - properties: - disabled: - description: disabled is a list of all feature gates that are - disabled in the cluster for the named version. - items: - properties: - name: - description: name is the name of the FeatureGate. - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - required: - - name - type: object - type: array - enabled: - description: enabled is a list of all feature gates that are - enabled in the cluster for the named version. - items: - properties: - name: - description: name is the name of the FeatureGate. - pattern: ^([A-Za-z0-9-]+\.)*[A-Za-z0-9-]+\.?$ - type: string - required: - - name - type: object - type: array - version: - description: version matches the version provided by the ClusterVersion - and in the ClusterOperator.Status.Versions field. - type: string - required: - - version - type: object - type: array - x-kubernetes-list-map-keys: - - version - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml deleted file mode 100644 index dbbbb7c921d..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml +++ /dev/null @@ -1,163 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: images.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Image - listKind: ImageList - plural: images - singular: image - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Image governs policies related to imagestream imports and runtime - configuration for external registries. It allows cluster admins to configure - which registries OpenShift is allowed to import images from, extra CA trust - bundles for external registries, and policies to block or allow registry - hostnames. When exposing OpenShift's image registry to the public, this - also lets cluster admins specify the external hostname. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - additionalTrustedCA: - description: additionalTrustedCA is a reference to a ConfigMap containing - additional CAs that should be trusted during imagestream import, - pod image pull, build image pull, and imageregistry pullthrough. - The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - allowedRegistriesForImport: - description: allowedRegistriesForImport limits the container image - registries that normal users may import images from. Set this list - to the registries that you trust to contain valid Docker images - and that you want applications to be able to import from. Users - with permission to create Images or ImageStreamMappings via the - API are not affected by this policy - typically only administrators - or system integrations will have those permissions. - items: - description: RegistryLocation contains a location of the registry - specified by the registry domain name. The domain name might include - wildcards, like '*' or '??'. - properties: - domainName: - description: domainName specifies a domain name for the registry - In case the registry use non-standard (80 or 443) port, the - port should be included in the domain name as well. - type: string - insecure: - description: insecure indicates whether the registry is secure - (https) or insecure (http) By default (if not specified) the - registry is assumed as secure. - type: boolean - type: object - type: array - externalRegistryHostnames: - description: externalRegistryHostnames provides the hostnames for - the default external image registry. The external hostname should - be set only when the image registry is exposed externally. The first - value is used in 'publicDockerImageRepository' field in ImageStreams. - The value must be in "hostname[:port]" format. - items: - type: string - type: array - registrySources: - description: registrySources contains configuration that determines - how the container runtime should treat individual registries when - accessing images for builds+pods. (e.g. whether or not to allow - insecure access). It does not contain configuration for the internal - cluster registry. - properties: - allowedRegistries: - description: "allowedRegistries are the only registries permitted - for image pull and push actions. All other registries are denied. - \n Only one of BlockedRegistries or AllowedRegistries may be - set." - items: - type: string - type: array - blockedRegistries: - description: "blockedRegistries cannot be used for image pull - and push actions. All other registries are permitted. \n Only - one of BlockedRegistries or AllowedRegistries may be set." - items: - type: string - type: array - containerRuntimeSearchRegistries: - description: 'containerRuntimeSearchRegistries are registries - that will be searched when pulling images that do not have fully - qualified domains in their pull specs. Registries will be searched - in the order provided in the list. Note: this search list only - works with the container runtime, i.e CRI-O. Will NOT work with - builds or imagestream imports.' - format: hostname - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - insecureRegistries: - description: insecureRegistries are registries which do not have - a valid TLS certificates or only support HTTP connections. - items: - type: string - type: array - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - externalRegistryHostnames: - description: externalRegistryHostnames provides the hostnames for - the default external image registry. The external hostname should - be set only when the image registry is exposed externally. The first - value is used in 'publicDockerImageRepository' field in ImageStreams. - The value must be in "hostname[:port]" format. - items: - type: string - type: array - internalRegistryHostname: - description: internalRegistryHostname sets the hostname for the default - internal image registry. The value must be in "hostname[:port]" - format. This value is set by the image registry operator which controls - the internal registry hostname. - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml deleted file mode 100644 index c1945cf7a25..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagecontentpolicy.crd.yaml +++ /dev/null @@ -1,113 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/874 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: imagecontentpolicies.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ImageContentPolicy - listKind: ImageContentPolicyList - plural: imagecontentpolicies - singular: imagecontentpolicy - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ImageContentPolicy holds cluster-wide information about how - to handle registry mirror rules. When multiple policies are defined, the - outcome of the behavior is defined on each field. \n Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - repositoryDigestMirrors: - description: "repositoryDigestMirrors allows images referenced by - image digests in pods to be pulled from alternative mirrored repository - locations. The image pull specification provided to the pod will - be compared to the source locations described in RepositoryDigestMirrors - and the image may be pulled down from any of the mirrors in the - list instead of the specified repository allowing administrators - to choose a potentially faster mirror. To pull image from mirrors - by tags, should set the \"allowMirrorByTags\". \n Each “source” - repository is treated independently; configurations for different - “source” repositories don’t interact. \n If the \"mirrors\" is not - specified, the image will continue to be pulled from the specified - repository in the pull spec. \n When multiple policies are defined - for the same “source” repository, the sets of defined mirrors will - be merged together, preserving the relative order of the mirrors, - if possible. For example, if policy A has mirrors `a, b, c` and - policy B has mirrors `c, d, e`, the mirrors will be used in the - order `a, b, c, d, e`. If the orders of mirror entries conflict - (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the - resulting order is unspecified." - items: - description: RepositoryDigestMirrors holds cluster-wide information - about how to handle mirrors in the registries config. - properties: - allowMirrorByTags: - description: allowMirrorByTags if true, the mirrors can be used - to pull the images that are referenced by their tags. Default - is false, the mirrors only work when pulling the images that - are referenced by their digests. Pulling images by tag can - potentially yield different images, depending on which endpoint - we pull from. Forcing digest-pulls for mirrors avoids that - issue. - type: boolean - mirrors: - description: mirrors is zero or more repositories that may also - contain the same images. If the "mirrors" is not specified, - the image will continue to be pulled from the specified repository - in the pull spec. No mirror will be configured. The order - of mirrors in this list is treated as the user's desired priority, - while source is by default considered lower priority than - all mirrors. Other cluster configuration, including (but not - limited to) other repositoryDigestMirrors objects, may impact - the exact order mirrors are contacted in, or some mirrors - may be contacted in parallel, so this should be considered - a preference rather than a guarantee of ordering. - items: - pattern: ^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$ - type: string - type: array - x-kubernetes-list-type: set - source: - description: source is the repository that users refer to, e.g. - in image pull specifications. - pattern: ^(([a-zA-Z]|[a-zA-Z][a-zA-Z0-9\-]*[a-zA-Z0-9])\.)*([A-Za-z]|[A-Za-z][A-Za-z0-9\-]*[A-Za-z0-9])(:[0-9]+)?(\/[^\/:\n]+)*(\/[^\/:\n]+((:[^\/:\n]+)|(@[^\n]+)))?$ - type: string - required: - - source - type: object - type: array - x-kubernetes-list-map-keys: - - source - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml deleted file mode 100644 index 307ee57c65f..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagedigestmirrorset.crd.yaml +++ /dev/null @@ -1,142 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1126 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: imagedigestmirrorsets.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ImageDigestMirrorSet - listKind: ImageDigestMirrorSetList - plural: imagedigestmirrorsets - shortNames: - - idms - singular: imagedigestmirrorset - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ImageDigestMirrorSet holds cluster-wide information about how - to handle registry mirror rules on using digest pull specification. When - multiple policies are defined, the outcome of the behavior is defined on - each field. \n Compatibility level 1: Stable within a major release for - a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - imageDigestMirrors: - description: "imageDigestMirrors allows images referenced by image - digests in pods to be pulled from alternative mirrored repository - locations. The image pull specification provided to the pod will - be compared to the source locations described in imageDigestMirrors - and the image may be pulled down from any of the mirrors in the - list instead of the specified repository allowing administrators - to choose a potentially faster mirror. To use mirrors to pull images - using tag specification, users should configure a list of mirrors - using \"ImageTagMirrorSet\" CRD. \n If the image pull specification - matches the repository of \"source\" in multiple imagedigestmirrorset - objects, only the objects which define the most specific namespace - match will be used. For example, if there are objects using quay.io/libpod - and quay.io/libpod/busybox as the \"source\", only the objects using - quay.io/libpod/busybox are going to apply for pull specification - quay.io/libpod/busybox. Each “source” repository is treated independently; - configurations for different “source” repositories don’t interact. - \n If the \"mirrors\" is not specified, the image will continue - to be pulled from the specified repository in the pull spec. \n - When multiple policies are defined for the same “source” repository, - the sets of defined mirrors will be merged together, preserving - the relative order of the mirrors, if possible. For example, if - policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, - the mirrors will be used in the order `a, b, c, d, e`. If the orders - of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration - is not rejected but the resulting order is unspecified. Users who - want to use a specific order of mirrors, should configure them into - one list of mirrors using the expected order." - items: - description: ImageDigestMirrors holds cluster-wide information about - how to handle mirrors in the registries config. - properties: - mirrorSourcePolicy: - description: mirrorSourcePolicy defines the fallback policy - if fails to pull image from the mirrors. If unset, the image - will continue to be pulled from the the repository in the - pull spec. sourcePolicy is valid configuration only when one - or more mirrors are in the mirror list. - enum: - - NeverContactSource - - AllowContactingSource - type: string - mirrors: - description: 'mirrors is zero or more locations that may also - contain the same images. No mirror will be configured if not - specified. Images can be pulled from these mirrors only if - they are referenced by their digests. The mirrored location - is obtained by replacing the part of the input reference that - matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo - reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat - causes a mirror.local/redhat/product/repo repository to be - used. The order of mirrors in this list is treated as the - user''s desired priority, while source is by default considered - lower priority than all mirrors. If no mirror is specified - or all image pulls from the mirror list fail, the image will - continue to be pulled from the repository in the pull spec - unless explicitly prohibited by "mirrorSourcePolicy" Other - cluster configuration, including (but not limited to) other - imageDigestMirrors objects, may impact the exact order mirrors - are contacted in, or some mirrors may be contacted in parallel, - so this should be considered a preference rather than a guarantee - of ordering. "mirrors" uses one of the following formats: - host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo - for more information about the format, see the document about - the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' - items: - pattern: ^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ - type: string - type: array - x-kubernetes-list-type: set - source: - description: 'source matches the repository that users refer - to, e.g. in image pull specifications. Setting source to a - registry hostname e.g. docker.io. quay.io, or registry.redhat.io, - will match the image pull specification of corressponding - registry. "source" uses one of the following formats: host[:port] - host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo - [*.]host for more information about the format, see the document - about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' - pattern: ^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ - type: string - required: - - source - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status contains the observed state of the resource. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml deleted file mode 100644 index 48cc7968f4c..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_imagetagmirrorset.crd.yaml +++ /dev/null @@ -1,145 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1126 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: imagetagmirrorsets.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ImageTagMirrorSet - listKind: ImageTagMirrorSetList - plural: imagetagmirrorsets - shortNames: - - itms - singular: imagetagmirrorset - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ImageTagMirrorSet holds cluster-wide information about how to - handle registry mirror rules on using tag pull specification. When multiple - policies are defined, the outcome of the behavior is defined on each field. - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - imageTagMirrors: - description: "imageTagMirrors allows images referenced by image tags - in pods to be pulled from alternative mirrored repository locations. - The image pull specification provided to the pod will be compared - to the source locations described in imageTagMirrors and the image - may be pulled down from any of the mirrors in the list instead of - the specified repository allowing administrators to choose a potentially - faster mirror. To use mirrors to pull images using digest specification - only, users should configure a list of mirrors using \"ImageDigestMirrorSet\" - CRD. \n If the image pull specification matches the repository of - \"source\" in multiple imagetagmirrorset objects, only the objects - which define the most specific namespace match will be used. For - example, if there are objects using quay.io/libpod and quay.io/libpod/busybox - as the \"source\", only the objects using quay.io/libpod/busybox - are going to apply for pull specification quay.io/libpod/busybox. - Each “source” repository is treated independently; configurations - for different “source” repositories don’t interact. \n If the \"mirrors\" - is not specified, the image will continue to be pulled from the - specified repository in the pull spec. \n When multiple policies - are defined for the same “source” repository, the sets of defined - mirrors will be merged together, preserving the relative order of - the mirrors, if possible. For example, if policy A has mirrors `a, - b, c` and policy B has mirrors `c, d, e`, the mirrors will be used - in the order `a, b, c, d, e`. If the orders of mirror entries conflict - (e.g. `a, b` vs. `b, a`) the configuration is not rejected but the - resulting order is unspecified. Users who want to use a deterministic - order of mirrors, should configure them into one list of mirrors - using the expected order." - items: - description: ImageTagMirrors holds cluster-wide information about - how to handle mirrors in the registries config. - properties: - mirrorSourcePolicy: - description: mirrorSourcePolicy defines the fallback policy - if fails to pull image from the mirrors. If unset, the image - will continue to be pulled from the repository in the pull - spec. sourcePolicy is valid configuration only when one or - more mirrors are in the mirror list. - enum: - - NeverContactSource - - AllowContactingSource - type: string - mirrors: - description: 'mirrors is zero or more locations that may also - contain the same images. No mirror will be configured if not - specified. Images can be pulled from these mirrors only if - they are referenced by their tags. The mirrored location is - obtained by replacing the part of the input reference that - matches source by the mirrors entry, e.g. for registry.redhat.io/product/repo - reference, a (source, mirror) pair *.redhat.io, mirror.local/redhat - causes a mirror.local/redhat/product/repo repository to be - used. Pulling images by tag can potentially yield different - images, depending on which endpoint we pull from. Configuring - a list of mirrors using "ImageDigestMirrorSet" CRD and forcing - digest-pulls for mirrors avoids that issue. The order of mirrors - in this list is treated as the user''s desired priority, while - source is by default considered lower priority than all mirrors. - If no mirror is specified or all image pulls from the mirror - list fail, the image will continue to be pulled from the repository - in the pull spec unless explicitly prohibited by "mirrorSourcePolicy". - Other cluster configuration, including (but not limited to) - other imageTagMirrors objects, may impact the exact order - mirrors are contacted in, or some mirrors may be contacted - in parallel, so this should be considered a preference rather - than a guarantee of ordering. "mirrors" uses one of the following - formats: host[:port] host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo - for more information about the format, see the document about - the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' - items: - pattern: ^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ - type: string - type: array - x-kubernetes-list-type: set - source: - description: 'source matches the repository that users refer - to, e.g. in image pull specifications. Setting source to a - registry hostname e.g. docker.io. quay.io, or registry.redhat.io, - will match the image pull specification of corressponding - registry. "source" uses one of the following formats: host[:port] - host[:port]/namespace[/namespace…] host[:port]/namespace[/namespace…]/repo - [*.]host for more information about the format, see the document - about the location field: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md#choosing-a-registry-toml-table' - pattern: ^\*(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$|^((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:(?:\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+)?(?::[0-9]+)?)(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$ - type: string - required: - - source - type: object - type: array - x-kubernetes-list-type: atomic - type: object - status: - description: status contains the observed state of the resource. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml deleted file mode 100644 index c6adff97bdf..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml +++ /dev/null @@ -1,2090 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: infrastructures.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Infrastructure - listKind: InfrastructureList - plural: infrastructures - singular: infrastructure - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Infrastructure holds cluster-wide information about Infrastructure. - \ The canonical name is `cluster` \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - cloudConfig: - description: "cloudConfig is a reference to a ConfigMap containing - the cloud provider configuration file. This configuration file is - used to configure the Kubernetes cloud provider integration when - using the built-in cloud provider integration or the external cloud - controller manager. The namespace for this config map is openshift-config. - \n cloudConfig should only be consumed by the kube_cloud_config - controller. The controller is responsible for using the user configuration - in the spec for various platforms and combining that with the user - provided ConfigMap in this field to create a stitched kube cloud - config. The controller generates a ConfigMap `kube-cloud-config` - in `openshift-config-managed` namespace with the kube cloud config - is stored in `cloud.conf` key. All the clients are expected to use - the generated ConfigMap only." - properties: - key: - description: Key allows pointing to a specific key/value inside - of the configmap. This is useful for logical file references. - type: string - name: - type: string - type: object - platformSpec: - description: platformSpec holds desired information specific to the - underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to the Alibaba - Cloud infrastructure provider. - type: object - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - type: object - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. - type: object - external: - description: ExternalPlatformType represents generic infrastructure - provider. Platform-specific components should be supplemented - separately. - properties: - platformName: - default: Unknown - description: PlatformName holds the arbitrary string representing - the infrastructure provider name, expected to be set at - the installation time. This field is solely for informational - and reporting purposes and is not expected to be used for - decision-making. - type: string - x-kubernetes-validations: - - message: platform name cannot be changed once set - rule: oldSelf == 'Unknown' || self == oldSelf - type: object - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - type: object - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - type: object - nutanix: - description: Nutanix contains settings specific to the Nutanix - infrastructure provider. - properties: - failureDomains: - description: failureDomains configures failure domains information - for the Nutanix platform. When set, the failure domains - defined here may be used to spread Machines across prism - element clusters to improve fault tolerance of the cluster. - items: - description: NutanixFailureDomain configures failure domain - information for the Nutanix platform. - properties: - cluster: - description: cluster is to identify the cluster (the - Prism Element under management of the Prism Central), - in which the Machine's VM will be created. The cluster - identifier (uuid or name) can be obtained from the - Prism Central console or using the prism_central API. - properties: - name: - description: name is the resource name in the PC. - It cannot be empty if the type is Name. - type: string - type: - description: type is the identifier type to use - for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource in - the PC. It cannot be empty if the type is UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when type - is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) - : !has(self.uuid)' - - message: name configuration is required when type - is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) - : !has(self.name)' - name: - description: name defines the unique name of a failure - domain. Name is required and must be at most 64 characters - in length. It must consist of only lower case alphanumeric - characters and hyphens (-). It must start and end - with an alphanumeric character. This value is arbitrary - and is used to identify the failure domain within - the platform. - maxLength: 64 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - type: string - subnets: - description: subnets holds a list of identifiers (one - or more) of the cluster's network subnets for the - Machine's VM to connect to. The subnet identifiers - (uuid or name) can be obtained from the Prism Central - console or using the prism_central API. - items: - description: NutanixResourceIdentifier holds the identity - of a Nutanix PC resource (cluster, image, subnet, - etc.) - properties: - name: - description: name is the resource name in the - PC. It cannot be empty if the type is Name. - type: string - type: - description: type is the identifier type to use - for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource - in the PC. It cannot be empty if the type is - UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when type - is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) - : !has(self.uuid)' - - message: name configuration is required when type - is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) - : !has(self.name)' - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - required: - - cluster - - name - - subnets - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - prismCentral: - description: prismCentral holds the endpoint address and port - to access the Nutanix Prism Central. When a cluster-wide - proxy is installed, by default, this endpoint will be accessed - via the proxy. Should you wish for communication with this - endpoint not to be proxied, please add the endpoint to the - proxy spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS name - or IP address) of the Nutanix Prism Central or Element - (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access the Nutanix - Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - prismElements: - description: prismElements holds one or more endpoint address - and port data to access the Nutanix Prism Elements (clusters) - of the Nutanix Prism Central. Currently we only support - one Prism Element (cluster) for an OpenShift cluster, where - all the Nutanix resources (VMs, subnets, volumes, etc.) - used in the OpenShift cluster are located. In the future, - we may support Nutanix resources (VMs, etc.) spread over - multiple Prism Elements (clusters) of the Prism Central. - items: - description: NutanixPrismElementEndpoint holds the name - and endpoint data for a Prism Element (cluster) - properties: - endpoint: - description: endpoint holds the endpoint address and - port data of the Prism Element (cluster). When a cluster-wide - proxy is installed, by default, this endpoint will - be accessed via the proxy. Should you wish for communication - with this endpoint not to be proxied, please add the - endpoint to the proxy spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS - name or IP address) of the Nutanix Prism Central - or Element (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access the - Nutanix Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - name: - description: name is the name of the Prism Element (cluster). - This value will correspond with the cluster field - configured on other resources (eg Machines, PVCs, - etc). - maxLength: 256 - type: string - required: - - endpoint - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - prismCentral - - prismElements - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - type: object - powervs: - description: PowerVS contains settings specific to the IBM Power - Systems Virtual Servers infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of a Power - VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults of PowerVS - Services. - properties: - name: - description: name is the name of the Power VS service. - Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: - description: type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", - "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", - "Nutanix" and "None". Individual components may not support - all platforms, and must handle unrecognized platforms as None - if they do not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - failureDomains: - description: failureDomains contains the definition of region, - zone and the vCenter topology. If this is omitted failure - domains (regions and zones) will not be used. - items: - description: VSpherePlatformFailureDomainSpec holds the - region and zone failure domain and the vCenter topology - of that failure domain. - properties: - name: - description: name defines the arbitrary but unique name - of a failure domain. - maxLength: 256 - minLength: 1 - type: string - region: - description: region defines the name of a region tag - that will be attached to a vCenter datacenter. The - tag category in vCenter must be named openshift-region. - maxLength: 80 - minLength: 1 - type: string - server: - anyOf: - - format: ipv4 - - format: ipv6 - - format: hostname - description: server is the fully-qualified domain name - or the IP address of the vCenter server. --- - maxLength: 255 - minLength: 1 - type: string - topology: - description: Topology describes a given failure domain - using vSphere constructs - properties: - computeCluster: - description: computeCluster the absolute path of - the vCenter cluster in which virtual machine will - be located. The absolute path is of the form //host/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/host/.*? - type: string - datacenter: - description: datacenter is the name of vCenter datacenter - in which virtual machines will be located. The - maximum length of the datacenter name is 80 characters. - maxLength: 80 - type: string - datastore: - description: datastore is the absolute path of the - datastore in which the virtual machine is located. - The absolute path is of the form //datastore/ - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/datastore/.*? - type: string - folder: - description: folder is the absolute path of the - folder where virtual machines are located. The - absolute path is of the form //vm/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/vm/.*? - type: string - networks: - description: networks is the list of port group - network names within this failure domain. Currently, - we only support a single interface per RHCOS virtual - machine. The available networks (port groups) - can be listed using `govc ls 'network/*'` The - single interface should be the absolute path of - the form //network/. - items: - type: string - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - resourcePool: - description: resourcePool is the absolute path of - the resource pool where virtual machines will - be created. The absolute path is of the form //host//Resources/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/host/.*?/Resources.* - type: string - template: - description: "template is the full inventory path - of the virtual machine or template that will be - cloned when creating new machines in this failure - domain. The maximum length of the path is 2048 - characters. \n When omitted, the template will - be calculated by the control plane machineset - operator based on the region and zone defined - in VSpherePlatformFailureDomainSpec. For example, - for zone=zonea, region=region1, and infrastructure - name=test, the template path would be calculated - as //vm/test-rhcos-region1-zonea." - maxLength: 2048 - minLength: 1 - pattern: ^/.*?/vm/.*? - type: string - required: - - computeCluster - - datacenter - - datastore - - networks - type: object - zone: - description: zone defines the name of a zone tag that - will be attached to a vCenter cluster. The tag category - in vCenter must be named openshift-zone. - maxLength: 80 - minLength: 1 - type: string - required: - - name - - region - - server - - topology - - zone - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeNetworking: - description: nodeNetworking contains the definition of internal - and external network constraints for assigning the node's - networking. If this field is omitted, networking defaults - to the legacy address selection behavior which is to only - support a single address and return the first one found. - properties: - external: - description: external represents the network configuration - of the node that is externally routable. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's VM for - use in the status.addresses fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network names - that will be used to when searching for status.addresses - fields. Note that if internal.networkSubnetCIDR - and external.networkSubnetCIDR are not set, then - the vNIC associated to this network must only have - a single IP address assigned to it. The available - networks (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address on VirtualMachine's - network interfaces included in the fields' CIDRs - that will be used in respective status.addresses - fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: set - type: object - internal: - description: internal represents the network configuration - of the node that is routable only within the cluster. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's VM for - use in the status.addresses fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network names - that will be used to when searching for status.addresses - fields. Note that if internal.networkSubnetCIDR - and external.networkSubnetCIDR are not set, then - the vNIC associated to this network must only have - a single IP address assigned to it. The available - networks (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address on VirtualMachine's - network interfaces included in the fields' CIDRs - that will be used in respective status.addresses - fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: set - type: object - type: object - vcenters: - description: vcenters holds the connection details for services - to communicate with vCenter. Currently, only a single vCenter - is supported. --- - items: - description: VSpherePlatformVCenterSpec stores the vCenter - connection fields. This is used by the vSphere CCM. - properties: - datacenters: - description: The vCenter Datacenters in which the RHCOS - vm guests are located. This field will be used by - the Cloud Controller Manager. Each datacenter listed - here should be used within a topology. - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - port: - description: port is the TCP port that will be used - to communicate to the vCenter endpoint. When omitted, - this means the user has no opinion and it is up to - the platform to choose a sensible default, which is - subject to change over time. - format: int32 - maximum: 32767 - minimum: 1 - type: integer - server: - anyOf: - - format: ipv4 - - format: ipv6 - - format: hostname - description: server is the fully-qualified domain name - or the IP address of the vCenter server. --- - maxLength: 255 - type: string - required: - - datacenters - - server - type: object - maxItems: 1 - minItems: 0 - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme 'https', - address and optionally a port (defaulting to 443). apiServerInternalURL - can be used by components like kubelets, to contact the Kubernetes - API server using the infrastructure provider rather than Kubernetes - networking. - type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme 'https', address - and optionally a port (defaulting to 443). apiServerURL can be - used by components like the web console to tell users where to find - the Kubernetes API. - type: string - controlPlaneTopology: - default: HighlyAvailable - description: controlPlaneTopology expresses the expectations for operands - that normally run on control nodes. The default is 'HighlyAvailable', - which represents the behavior operators have in a "normal" cluster. - The 'SingleReplica' mode will be used in single-node deployments - and the operators should not configure the operand for highly-available - operation The 'External' mode indicates that the control plane is - hosted externally to the cluster and that its components are not - visible within the cluster. - enum: - - HighlyAvailable - - SingleReplica - - External - type: string - cpuPartitioning: - default: None - description: cpuPartitioning expresses if CPU partitioning is a currently - enabled feature in the cluster. CPU Partitioning means that this - cluster can support partitioning workloads to specific CPU Sets. - Valid values are "None" and "AllNodes". When omitted, the default - value is "None". The default value of "None" indicates that no nodes - will be setup with CPU partitioning. The "AllNodes" value indicates - that all nodes have been setup with CPU partitioning, and can then - be further configured via the PerformanceProfile API. - enum: - - None - - AllNodes - type: string - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch the - SRV records for discovering etcd servers and clients. For more info: - https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery - deprecated: as of 4.7, this field is no longer set or honored. It - will be removed in a future release.' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster with - a human friendly name. Once set it should not be changed. Must be - of max length 27 and must have only alphanumeric or hyphen characters. - type: string - infrastructureTopology: - default: HighlyAvailable - description: 'infrastructureTopology expresses the expectations for - infrastructure services that do not run on control plane nodes, - usually indicated by a node selector for a `role` value other than - `master`. The default is ''HighlyAvailable'', which represents the - behavior operators have in a "normal" cluster. The ''SingleReplica'' - mode will be used in single-node deployments and the operators should - not configure the operand for highly-available operation NOTE: External - topology mode is not applicable for this field.' - enum: - - HighlyAvailable - - SingleReplica - type: string - platform: - description: "platform is the underlying infrastructure provider for - the cluster. \n Deprecated: Use platformStatus.type instead." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - platformStatus: - description: platformStatus holds status information specific to the - underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to the Alibaba - Cloud infrastructure provider. - properties: - region: - description: region specifies the region for Alibaba Cloud - resources created for the cluster. - pattern: ^[0-9A-Za-z-]+$ - type: string - resourceGroupID: - description: resourceGroupID is the ID of the resource group - for the cluster. - pattern: ^(rg-[0-9A-Za-z]+)?$ - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to Alibaba Cloud resources created for the cluster. - items: - description: AlibabaCloudResourceTag is the set of tags - to add to apply to resources. - properties: - key: - description: key is the key of the tag. - maxLength: 128 - minLength: 1 - type: string - value: - description: value is the value of the tag. - maxLength: 128 - minLength: 1 - type: string - required: - - key - - value - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - required: - - region - type: object - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - properties: - region: - description: region holds the default AWS region for new AWS - resources created by the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html - for information on tagging AWS resources. AWS supports a - maximum of 50 tags per resource. OpenShift reserves 25 tags - for its use, leaving 25 tags available for the user. - items: - description: AWSResourceTag is a tag to apply to AWS resources - created for the cluster. - properties: - key: - description: key is the key of the tag - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: value is the value of the tag. Some AWS - service do not support empty values. Since tags are - added to resources in many services, the length of - the tag value must meet the requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - x-kubernetes-list-type: atomic - serviceEndpoints: - description: ServiceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - properties: - armEndpoint: - description: armEndpoint specifies a URL to use for resource - management in non-soverign clouds such as Azure Stack. - type: string - cloudName: - description: cloudName is the name of the Azure cloud environment - which can be used to configure the Azure SDK with the appropriate - Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. - enum: - - "" - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureStackCloud - type: string - networkResourceGroupName: - description: networkResourceGroupName is the Resource Group - for network resources like the Virtual Network and Subnets - used by the cluster. If empty, the value is same as ResourceGroupName. - type: string - resourceGroupName: - description: resourceGroupName is the Resource Group for new - Azure resources created for the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags - for information on tagging Azure resources. Due to limitations - on Automation, Content Delivery Network, DNS Azure resources, - a maximum of 15 tags may be applied. OpenShift reserves - 5 tags for internal use, allowing 10 tags for user configuration. - items: - description: AzureResourceTag is a tag to apply to Azure - resources created for the cluster. - properties: - key: - description: key is the key part of the tag. A tag key - can have a maximum of 128 characters and cannot be - empty. Key must begin with a letter, end with a letter, - number or underscore, and must contain only alphanumeric - characters and the following special characters `_ - . -`. - maxLength: 128 - minLength: 1 - pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ - type: string - value: - description: 'value is the value part of the tag. A - tag value can have a maximum of 256 characters and - cannot be empty. Value must contain only alphanumeric - characters and the following special characters `_ - + , - . / : ; < = > ? @`.' - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 10 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: resourceTags are immutable and may only be configured - during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) - type: object - x-kubernetes-validations: - - message: resourceTags may only be configured during installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on BareMetal platform which can be a - user-managed or openshift-managed load balancer that - is to be used for the OpenShift API and Ingress endpoints. - When set to OpenShiftManagedDefault the static pods - in charge of API and Ingress traffic load-balancing - defined in the machine config operator will be deployed. - When set to UserManaged these static pods will not be - deployed and it is expected that the load balancer is - configured out of band by the deployer. When omitted, - this means no opinion and the platform is left to choose - a reasonable default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for BareMetal deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - type: object - external: - description: External contains settings specific to the generic - External infrastructure provider. - properties: - cloudControllerManager: - description: cloudControllerManager contains settings specific - to the external Cloud Controller Manager (a.k.a. CCM or - CPI). When omitted, new nodes will be not tainted and no - extra initialization from the cloud controller manager is - expected. - properties: - state: - description: "state determines whether or not an external - Cloud Controller Manager is expected to be installed - within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager - \n Valid values are \"External\", \"None\" and omitted. - When set to \"External\", new nodes will be tainted - as uninitialized when created, preventing them from - running workloads until they are initialized by the - cloud controller manager. When omitted or set to \"None\", - new nodes will be not tainted and no extra initialization - from the cloud controller manager is expected." - enum: - - "" - - External - - None - type: string - x-kubernetes-validations: - - message: state is immutable once set - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: state may not be added or removed once set - rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) - && self.state != "External") - type: object - x-kubernetes-validations: - - message: cloudControllerManager may not be added or removed - once set - rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - properties: - cloudLoadBalancerConfig: - default: - dnsType: PlatformDefault - description: cloudLoadBalancerConfig is a union that contains - the IP addresses of API, API-Int and Ingress Load Balancers - created on the cloud platform. These values would not be - populated on on-prem platforms. These Load Balancer IPs - are used to configure the in-cluster DNS instances for API, - API-Int and Ingress services. `dnsType` is expected to be - set to `ClusterHosted` when these Load Balancer IP addresses - are populated and used. - nullable: true - properties: - clusterHosted: - description: clusterHosted holds the IP addresses of API, - API-Int and Ingress Load Balancers on Cloud Platforms. - The DNS solution hosted within the cluster use these - IP addresses to provide resolution for API, API-Int - and Ingress services. - properties: - apiIntLoadBalancerIPs: - description: apiIntLoadBalancerIPs holds Load Balancer - IPs for the internal API service. These Load Balancer - IP addresses can be IPv4 and/or IPv6 addresses. - Entries in the apiIntLoadBalancerIPs must be unique. - A maximum of 16 IP addresses are permitted. - format: ip - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - apiLoadBalancerIPs: - description: apiLoadBalancerIPs holds Load Balancer - IPs for the API service. These Load Balancer IP - addresses can be IPv4 and/or IPv6 addresses. Could - be empty for private clusters. Entries in the apiLoadBalancerIPs - must be unique. A maximum of 16 IP addresses are - permitted. - format: ip - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - ingressLoadBalancerIPs: - description: ingressLoadBalancerIPs holds IPs for - Ingress Load Balancers. These Load Balancer IP addresses - can be IPv4 and/or IPv6 addresses. Entries in the - ingressLoadBalancerIPs must be unique. A maximum - of 16 IP addresses are permitted. - format: ip - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - type: object - dnsType: - default: PlatformDefault - description: dnsType indicates the type of DNS solution - in use within the cluster. Its default value of `PlatformDefault` - indicates that the cluster's DNS is the default provided - by the cloud platform. It can be set to `ClusterHosted` - to bypass the configuration of the cloud default DNS. - In this mode, the cluster needs to provide a self-hosted - DNS solution for the cluster's installation to succeed. - The cluster's use of the cloud's Load Balancers is unaffected - by this setting. The value is immutable after it has - been set at install time. Currently, there is no way - for the customer to add additional DNS entries into - the cluster hosted DNS. Enabling this functionality - allows the user to start their own DNS solution outside - the cluster after installation is complete. The customer - would be responsible for configuring this custom DNS - solution, and it can be run in addition to the in-cluster - DNS solution. - enum: - - ClusterHosted - - PlatformDefault - type: string - x-kubernetes-validations: - - message: dnsType is immutable - rule: oldSelf == '' || self == oldSelf - type: object - x-kubernetes-validations: - - message: clusterHosted is permitted only when dnsType is - ClusterHosted - rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted'' - ? !has(self.clusterHosted) : true' - projectID: - description: resourceGroupName is the Project ID for new GCP - resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources - created for the cluster. - type: string - resourceLabels: - description: resourceLabels is a list of additional labels - to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources - for information on labeling GCP resources. GCP supports - a maximum of 64 labels per resource. OpenShift reserves - 32 labels for internal use, allowing 32 labels for user - configuration. - items: - description: GCPResourceLabel is a label to apply to GCP - resources created for the cluster. - properties: - key: - description: key is the key part of the label. A label - key can have a maximum of 63 characters and cannot - be empty. Label key must begin with a lowercase letter, - and must contain only lowercase letters, numeric characters, - and the following special characters `_-`. Label key - must not have the reserved prefixes `kubernetes-io` - and `openshift-io`. - maxLength: 63 - minLength: 1 - pattern: ^[a-z][0-9a-z_-]{0,62}$ - type: string - x-kubernetes-validations: - - message: label keys must not start with either `openshift-io` - or `kubernetes-io` - rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')' - value: - description: value is the value part of the label. A - label value can have a maximum of 63 characters and - cannot be empty. Value must contain only lowercase - letters, numeric characters, and the following special - characters `_-`. - maxLength: 63 - minLength: 1 - pattern: ^[0-9a-z_-]{1,63}$ - type: string - required: - - key - - value - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: resourceLabels are immutable and may only be configured - during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) - resourceTags: - description: resourceTags is a list of additional tags to - apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview - for information on tagging GCP resources. GCP supports a - maximum of 50 tags per resource. - items: - description: GCPResourceTag is a tag to apply to GCP resources - created for the cluster. - properties: - key: - description: key is the key part of the tag. A tag key - can have a maximum of 63 characters and cannot be - empty. Tag key must begin and end with an alphanumeric - character, and must contain only uppercase, lowercase - alphanumeric characters, and the following special - characters `._-`. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ - type: string - parentID: - description: 'parentID is the ID of the hierarchical - resource where the tags are defined, e.g. at the Organization - or the Project level. To find the Organization or - Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, - https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. - An OrganizationID must consist of decimal numbers, - and cannot have leading zeroes. A ProjectID must be - 6 to 30 characters in length, can only contain lowercase - letters, numbers, and hyphens, and must start with - a letter, and cannot end with a hyphen.' - maxLength: 32 - minLength: 1 - pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) - type: string - value: - description: value is the value part of the tag. A tag - value can have a maximum of 63 characters and cannot - be empty. Tag value must begin and end with an alphanumeric - character, and must contain only uppercase, lowercase - alphanumeric characters, and the following special - characters `_-.@%=+:,*#&(){}[]` and spaces. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ - type: string - required: - - key - - parentID - - value - type: object - maxItems: 50 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: resourceTags are immutable and may only be configured - during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) - type: object - x-kubernetes-validations: - - message: resourceLabels may only be configured during installation - rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) - || has(oldSelf.resourceLabels) && has(self.resourceLabels)' - - message: resourceTags may only be configured during installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud Internet - Services instance managing the DNS zone for the cluster's - base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS Services - instance managing the DNS zone for the cluster's base domain - type: string - location: - description: Location is where the cluster has been deployed - type: string - providerType: - description: ProviderType indicates the type of cluster that - was created - type: string - resourceGroupName: - description: ResourceGroupName is the Resource Group for new - IBMCloud resources created for the cluster. - type: string - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of an - IBM Cloud service. These endpoints are consumed by components - within the cluster to reach the respective IBM Cloud Services. - items: - description: IBMCloudServiceEndpoint stores the configuration - of a custom url to override existing defaults of IBM Cloud - Services. - properties: - name: - description: 'name is the name of the IBM Cloud service. - Possible values are: CIS, COS, DNSServices, GlobalSearch, - GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, - ResourceManager, or VPC. For example, the IBM Cloud - Private IAM service could be configured with the service - `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` - Whereas the IBM Cloud Private VPC service for US South - (Dallas) could be configured with the service `name` - of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`' - enum: - - CIS - - COS - - DNSServices - - GlobalSearch - - GlobalTagging - - HyperProtect - - IAM - - KeyProtect - - ResourceController - - ResourceManager - - VPC - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - type: string - x-kubernetes-validations: - - message: url must be a valid absolute URL - rule: isURL(self) - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - type: object - nutanix: - description: Nutanix contains settings specific to the Nutanix - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on Nutanix platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - cloudName: - description: cloudName is the name of the desired OpenStack - cloud in the client configuration file (`clouds.yaml`). - type: string - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on OpenStack platform which can be a - user-managed or openshift-managed load balancer that - is to be used for the OpenShift API and Ingress endpoints. - When set to OpenShiftManagedDefault the static pods - in charge of API and Ingress traffic load-balancing - defined in the machine config operator will be deployed. - When set to UserManaged these static pods will not be - deployed and it is expected that the load balancer is - configured out of band by the deployer. When omitted, - this means no opinion and the platform is left to choose - a reasonable default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for OpenStack deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on Ovirt platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - nodeDNSIP: - description: 'deprecated: as of 4.6, this field is no longer - set or honored. It will be removed in a future release.' - type: string - type: object - powervs: - description: PowerVS contains settings specific to the Power Systems - Virtual Servers infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud Internet - Services instance managing the DNS zone for the cluster's - base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS Services - instance managing the DNS zone for the cluster's base domain - type: string - region: - description: region holds the default Power VS region for - new Power VS resources created by the cluster. - type: string - resourceGroup: - description: 'resourceGroup is the resource group name for - new IBMCloud resources created for a cluster. The resource - group specified here will be used by cluster-image-registry-operator - to set up a COS Instance in IBMCloud for the cluster registry. - More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. - When omitted, the image registry operator won''t be able - to configure storage, which results in the image registry - cluster operator not being in an available state.' - maxLength: 40 - pattern: ^[a-zA-Z0-9-_ ]+$ - type: string - x-kubernetes-validations: - - message: resourceGroup is immutable once set - rule: oldSelf == '' || self == oldSelf - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of a Power - VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults of PowerVS - Services. - properties: - name: - description: name is the name of the Power VS service. - Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - zone: - description: 'zone holds the default zone for the new Power - VS resources created by the cluster. Note: Currently only - single-zone OCP clusters are supported' - type: string - type: object - x-kubernetes-validations: - - message: cannot unset resourceGroup once set - rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)' - type: - description: "type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", - \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", - \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components - may not support all platforms, and must handle unrecognized - platforms as None if they do not support that platform. \n This - value will be synced with to the `status.platform` and `status.platformStatus.type`. - Currently this value cannot be changed once set." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on VSphere platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for vSphere deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml deleted file mode 100644 index 06ee2f71212..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-Default.crd.yaml +++ /dev/null @@ -1,1874 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - name: infrastructures.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Infrastructure - listKind: InfrastructureList - plural: infrastructures - singular: infrastructure - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Infrastructure holds cluster-wide information about Infrastructure. - \ The canonical name is `cluster` \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - cloudConfig: - description: "cloudConfig is a reference to a ConfigMap containing - the cloud provider configuration file. This configuration file is - used to configure the Kubernetes cloud provider integration when - using the built-in cloud provider integration or the external cloud - controller manager. The namespace for this config map is openshift-config. - \n cloudConfig should only be consumed by the kube_cloud_config - controller. The controller is responsible for using the user configuration - in the spec for various platforms and combining that with the user - provided ConfigMap in this field to create a stitched kube cloud - config. The controller generates a ConfigMap `kube-cloud-config` - in `openshift-config-managed` namespace with the kube cloud config - is stored in `cloud.conf` key. All the clients are expected to use - the generated ConfigMap only." - properties: - key: - description: Key allows pointing to a specific key/value inside - of the configmap. This is useful for logical file references. - type: string - name: - type: string - type: object - platformSpec: - description: platformSpec holds desired information specific to the - underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to the Alibaba - Cloud infrastructure provider. - type: object - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - type: object - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. - type: object - external: - description: ExternalPlatformType represents generic infrastructure - provider. Platform-specific components should be supplemented - separately. - properties: - platformName: - default: Unknown - description: PlatformName holds the arbitrary string representing - the infrastructure provider name, expected to be set at - the installation time. This field is solely for informational - and reporting purposes and is not expected to be used for - decision-making. - type: string - x-kubernetes-validations: - - message: platform name cannot be changed once set - rule: oldSelf == 'Unknown' || self == oldSelf - type: object - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - type: object - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - type: object - nutanix: - description: Nutanix contains settings specific to the Nutanix - infrastructure provider. - properties: - failureDomains: - description: failureDomains configures failure domains information - for the Nutanix platform. When set, the failure domains - defined here may be used to spread Machines across prism - element clusters to improve fault tolerance of the cluster. - items: - description: NutanixFailureDomain configures failure domain - information for the Nutanix platform. - properties: - cluster: - description: cluster is to identify the cluster (the - Prism Element under management of the Prism Central), - in which the Machine's VM will be created. The cluster - identifier (uuid or name) can be obtained from the - Prism Central console or using the prism_central API. - properties: - name: - description: name is the resource name in the PC. - It cannot be empty if the type is Name. - type: string - type: - description: type is the identifier type to use - for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource in - the PC. It cannot be empty if the type is UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when type - is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) - : !has(self.uuid)' - - message: name configuration is required when type - is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) - : !has(self.name)' - name: - description: name defines the unique name of a failure - domain. Name is required and must be at most 64 characters - in length. It must consist of only lower case alphanumeric - characters and hyphens (-). It must start and end - with an alphanumeric character. This value is arbitrary - and is used to identify the failure domain within - the platform. - maxLength: 64 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - type: string - subnets: - description: subnets holds a list of identifiers (one - or more) of the cluster's network subnets for the - Machine's VM to connect to. The subnet identifiers - (uuid or name) can be obtained from the Prism Central - console or using the prism_central API. - items: - description: NutanixResourceIdentifier holds the identity - of a Nutanix PC resource (cluster, image, subnet, - etc.) - properties: - name: - description: name is the resource name in the - PC. It cannot be empty if the type is Name. - type: string - type: - description: type is the identifier type to use - for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource - in the PC. It cannot be empty if the type is - UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when type - is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) - : !has(self.uuid)' - - message: name configuration is required when type - is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) - : !has(self.name)' - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - required: - - cluster - - name - - subnets - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - prismCentral: - description: prismCentral holds the endpoint address and port - to access the Nutanix Prism Central. When a cluster-wide - proxy is installed, by default, this endpoint will be accessed - via the proxy. Should you wish for communication with this - endpoint not to be proxied, please add the endpoint to the - proxy spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS name - or IP address) of the Nutanix Prism Central or Element - (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access the Nutanix - Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - prismElements: - description: prismElements holds one or more endpoint address - and port data to access the Nutanix Prism Elements (clusters) - of the Nutanix Prism Central. Currently we only support - one Prism Element (cluster) for an OpenShift cluster, where - all the Nutanix resources (VMs, subnets, volumes, etc.) - used in the OpenShift cluster are located. In the future, - we may support Nutanix resources (VMs, etc.) spread over - multiple Prism Elements (clusters) of the Prism Central. - items: - description: NutanixPrismElementEndpoint holds the name - and endpoint data for a Prism Element (cluster) - properties: - endpoint: - description: endpoint holds the endpoint address and - port data of the Prism Element (cluster). When a cluster-wide - proxy is installed, by default, this endpoint will - be accessed via the proxy. Should you wish for communication - with this endpoint not to be proxied, please add the - endpoint to the proxy spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS - name or IP address) of the Nutanix Prism Central - or Element (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access the - Nutanix Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - name: - description: name is the name of the Prism Element (cluster). - This value will correspond with the cluster field - configured on other resources (eg Machines, PVCs, - etc). - maxLength: 256 - type: string - required: - - endpoint - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - prismCentral - - prismElements - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - type: object - powervs: - description: PowerVS contains settings specific to the IBM Power - Systems Virtual Servers infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of a Power - VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults of PowerVS - Services. - properties: - name: - description: name is the name of the Power VS service. - Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: - description: type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", - "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", - "Nutanix" and "None". Individual components may not support - all platforms, and must handle unrecognized platforms as None - if they do not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - failureDomains: - description: failureDomains contains the definition of region, - zone and the vCenter topology. If this is omitted failure - domains (regions and zones) will not be used. - items: - description: VSpherePlatformFailureDomainSpec holds the - region and zone failure domain and the vCenter topology - of that failure domain. - properties: - name: - description: name defines the arbitrary but unique name - of a failure domain. - maxLength: 256 - minLength: 1 - type: string - region: - description: region defines the name of a region tag - that will be attached to a vCenter datacenter. The - tag category in vCenter must be named openshift-region. - maxLength: 80 - minLength: 1 - type: string - server: - anyOf: - - format: ipv4 - - format: ipv6 - - format: hostname - description: server is the fully-qualified domain name - or the IP address of the vCenter server. --- - maxLength: 255 - minLength: 1 - type: string - topology: - description: Topology describes a given failure domain - using vSphere constructs - properties: - computeCluster: - description: computeCluster the absolute path of - the vCenter cluster in which virtual machine will - be located. The absolute path is of the form //host/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/host/.*? - type: string - datacenter: - description: datacenter is the name of vCenter datacenter - in which virtual machines will be located. The - maximum length of the datacenter name is 80 characters. - maxLength: 80 - type: string - datastore: - description: datastore is the absolute path of the - datastore in which the virtual machine is located. - The absolute path is of the form //datastore/ - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/datastore/.*? - type: string - folder: - description: folder is the absolute path of the - folder where virtual machines are located. The - absolute path is of the form //vm/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/vm/.*? - type: string - networks: - description: networks is the list of port group - network names within this failure domain. Currently, - we only support a single interface per RHCOS virtual - machine. The available networks (port groups) - can be listed using `govc ls 'network/*'` The - single interface should be the absolute path of - the form //network/. - items: - type: string - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - resourcePool: - description: resourcePool is the absolute path of - the resource pool where virtual machines will - be created. The absolute path is of the form //host//Resources/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/host/.*?/Resources.* - type: string - template: - description: "template is the full inventory path - of the virtual machine or template that will be - cloned when creating new machines in this failure - domain. The maximum length of the path is 2048 - characters. \n When omitted, the template will - be calculated by the control plane machineset - operator based on the region and zone defined - in VSpherePlatformFailureDomainSpec. For example, - for zone=zonea, region=region1, and infrastructure - name=test, the template path would be calculated - as //vm/test-rhcos-region1-zonea." - maxLength: 2048 - minLength: 1 - pattern: ^/.*?/vm/.*? - type: string - required: - - computeCluster - - datacenter - - datastore - - networks - type: object - zone: - description: zone defines the name of a zone tag that - will be attached to a vCenter cluster. The tag category - in vCenter must be named openshift-zone. - maxLength: 80 - minLength: 1 - type: string - required: - - name - - region - - server - - topology - - zone - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeNetworking: - description: nodeNetworking contains the definition of internal - and external network constraints for assigning the node's - networking. If this field is omitted, networking defaults - to the legacy address selection behavior which is to only - support a single address and return the first one found. - properties: - external: - description: external represents the network configuration - of the node that is externally routable. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's VM for - use in the status.addresses fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network names - that will be used to when searching for status.addresses - fields. Note that if internal.networkSubnetCIDR - and external.networkSubnetCIDR are not set, then - the vNIC associated to this network must only have - a single IP address assigned to it. The available - networks (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address on VirtualMachine's - network interfaces included in the fields' CIDRs - that will be used in respective status.addresses - fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: set - type: object - internal: - description: internal represents the network configuration - of the node that is routable only within the cluster. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's VM for - use in the status.addresses fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network names - that will be used to when searching for status.addresses - fields. Note that if internal.networkSubnetCIDR - and external.networkSubnetCIDR are not set, then - the vNIC associated to this network must only have - a single IP address assigned to it. The available - networks (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address on VirtualMachine's - network interfaces included in the fields' CIDRs - that will be used in respective status.addresses - fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: set - type: object - type: object - vcenters: - description: vcenters holds the connection details for services - to communicate with vCenter. Currently, only a single vCenter - is supported. --- - items: - description: VSpherePlatformVCenterSpec stores the vCenter - connection fields. This is used by the vSphere CCM. - properties: - datacenters: - description: The vCenter Datacenters in which the RHCOS - vm guests are located. This field will be used by - the Cloud Controller Manager. Each datacenter listed - here should be used within a topology. - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - port: - description: port is the TCP port that will be used - to communicate to the vCenter endpoint. When omitted, - this means the user has no opinion and it is up to - the platform to choose a sensible default, which is - subject to change over time. - format: int32 - maximum: 32767 - minimum: 1 - type: integer - server: - anyOf: - - format: ipv4 - - format: ipv6 - - format: hostname - description: server is the fully-qualified domain name - or the IP address of the vCenter server. --- - maxLength: 255 - type: string - required: - - datacenters - - server - type: object - maxItems: 1 - minItems: 0 - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme 'https', - address and optionally a port (defaulting to 443). apiServerInternalURL - can be used by components like kubelets, to contact the Kubernetes - API server using the infrastructure provider rather than Kubernetes - networking. - type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme 'https', address - and optionally a port (defaulting to 443). apiServerURL can be - used by components like the web console to tell users where to find - the Kubernetes API. - type: string - controlPlaneTopology: - default: HighlyAvailable - description: controlPlaneTopology expresses the expectations for operands - that normally run on control nodes. The default is 'HighlyAvailable', - which represents the behavior operators have in a "normal" cluster. - The 'SingleReplica' mode will be used in single-node deployments - and the operators should not configure the operand for highly-available - operation The 'External' mode indicates that the control plane is - hosted externally to the cluster and that its components are not - visible within the cluster. - enum: - - HighlyAvailable - - SingleReplica - - External - type: string - cpuPartitioning: - default: None - description: cpuPartitioning expresses if CPU partitioning is a currently - enabled feature in the cluster. CPU Partitioning means that this - cluster can support partitioning workloads to specific CPU Sets. - Valid values are "None" and "AllNodes". When omitted, the default - value is "None". The default value of "None" indicates that no nodes - will be setup with CPU partitioning. The "AllNodes" value indicates - that all nodes have been setup with CPU partitioning, and can then - be further configured via the PerformanceProfile API. - enum: - - None - - AllNodes - type: string - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch the - SRV records for discovering etcd servers and clients. For more info: - https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery - deprecated: as of 4.7, this field is no longer set or honored. It - will be removed in a future release.' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster with - a human friendly name. Once set it should not be changed. Must be - of max length 27 and must have only alphanumeric or hyphen characters. - type: string - infrastructureTopology: - default: HighlyAvailable - description: 'infrastructureTopology expresses the expectations for - infrastructure services that do not run on control plane nodes, - usually indicated by a node selector for a `role` value other than - `master`. The default is ''HighlyAvailable'', which represents the - behavior operators have in a "normal" cluster. The ''SingleReplica'' - mode will be used in single-node deployments and the operators should - not configure the operand for highly-available operation NOTE: External - topology mode is not applicable for this field.' - enum: - - HighlyAvailable - - SingleReplica - type: string - platform: - description: "platform is the underlying infrastructure provider for - the cluster. \n Deprecated: Use platformStatus.type instead." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - platformStatus: - description: platformStatus holds status information specific to the - underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to the Alibaba - Cloud infrastructure provider. - properties: - region: - description: region specifies the region for Alibaba Cloud - resources created for the cluster. - pattern: ^[0-9A-Za-z-]+$ - type: string - resourceGroupID: - description: resourceGroupID is the ID of the resource group - for the cluster. - pattern: ^(rg-[0-9A-Za-z]+)?$ - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to Alibaba Cloud resources created for the cluster. - items: - description: AlibabaCloudResourceTag is the set of tags - to add to apply to resources. - properties: - key: - description: key is the key of the tag. - maxLength: 128 - minLength: 1 - type: string - value: - description: value is the value of the tag. - maxLength: 128 - minLength: 1 - type: string - required: - - key - - value - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - required: - - region - type: object - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - properties: - region: - description: region holds the default AWS region for new AWS - resources created by the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html - for information on tagging AWS resources. AWS supports a - maximum of 50 tags per resource. OpenShift reserves 25 tags - for its use, leaving 25 tags available for the user. - items: - description: AWSResourceTag is a tag to apply to AWS resources - created for the cluster. - properties: - key: - description: key is the key of the tag - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: value is the value of the tag. Some AWS - service do not support empty values. Since tags are - added to resources in many services, the length of - the tag value must meet the requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - x-kubernetes-list-type: atomic - serviceEndpoints: - description: ServiceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - properties: - armEndpoint: - description: armEndpoint specifies a URL to use for resource - management in non-soverign clouds such as Azure Stack. - type: string - cloudName: - description: cloudName is the name of the Azure cloud environment - which can be used to configure the Azure SDK with the appropriate - Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. - enum: - - "" - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureStackCloud - type: string - networkResourceGroupName: - description: networkResourceGroupName is the Resource Group - for network resources like the Virtual Network and Subnets - used by the cluster. If empty, the value is same as ResourceGroupName. - type: string - resourceGroupName: - description: resourceGroupName is the Resource Group for new - Azure resources created for the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags - for information on tagging Azure resources. Due to limitations - on Automation, Content Delivery Network, DNS Azure resources, - a maximum of 15 tags may be applied. OpenShift reserves - 5 tags for internal use, allowing 10 tags for user configuration. - items: - description: AzureResourceTag is a tag to apply to Azure - resources created for the cluster. - properties: - key: - description: key is the key part of the tag. A tag key - can have a maximum of 128 characters and cannot be - empty. Key must begin with a letter, end with a letter, - number or underscore, and must contain only alphanumeric - characters and the following special characters `_ - . -`. - maxLength: 128 - minLength: 1 - pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ - type: string - value: - description: 'value is the value part of the tag. A - tag value can have a maximum of 256 characters and - cannot be empty. Value must contain only alphanumeric - characters and the following special characters `_ - + , - . / : ; < = > ? @`.' - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 10 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: resourceTags are immutable and may only be configured - during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) - type: object - x-kubernetes-validations: - - message: resourceTags may only be configured during installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on BareMetal platform which can be a - user-managed or openshift-managed load balancer that - is to be used for the OpenShift API and Ingress endpoints. - When set to OpenShiftManagedDefault the static pods - in charge of API and Ingress traffic load-balancing - defined in the machine config operator will be deployed. - When set to UserManaged these static pods will not be - deployed and it is expected that the load balancer is - configured out of band by the deployer. When omitted, - this means no opinion and the platform is left to choose - a reasonable default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for BareMetal deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - type: object - external: - description: External contains settings specific to the generic - External infrastructure provider. - properties: - cloudControllerManager: - description: cloudControllerManager contains settings specific - to the external Cloud Controller Manager (a.k.a. CCM or - CPI). When omitted, new nodes will be not tainted and no - extra initialization from the cloud controller manager is - expected. - properties: - state: - description: "state determines whether or not an external - Cloud Controller Manager is expected to be installed - within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager - \n Valid values are \"External\", \"None\" and omitted. - When set to \"External\", new nodes will be tainted - as uninitialized when created, preventing them from - running workloads until they are initialized by the - cloud controller manager. When omitted or set to \"None\", - new nodes will be not tainted and no extra initialization - from the cloud controller manager is expected." - enum: - - "" - - External - - None - type: string - x-kubernetes-validations: - - message: state is immutable once set - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: state may not be added or removed once set - rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) - && self.state != "External") - type: object - x-kubernetes-validations: - - message: cloudControllerManager may not be added or removed - once set - rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - properties: - projectID: - description: resourceGroupName is the Project ID for new GCP - resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources - created for the cluster. - type: string - type: object - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud Internet - Services instance managing the DNS zone for the cluster's - base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS Services - instance managing the DNS zone for the cluster's base domain - type: string - location: - description: Location is where the cluster has been deployed - type: string - providerType: - description: ProviderType indicates the type of cluster that - was created - type: string - resourceGroupName: - description: ResourceGroupName is the Resource Group for new - IBMCloud resources created for the cluster. - type: string - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of an - IBM Cloud service. These endpoints are consumed by components - within the cluster to reach the respective IBM Cloud Services. - items: - description: IBMCloudServiceEndpoint stores the configuration - of a custom url to override existing defaults of IBM Cloud - Services. - properties: - name: - description: 'name is the name of the IBM Cloud service. - Possible values are: CIS, COS, DNSServices, GlobalSearch, - GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, - ResourceManager, or VPC. For example, the IBM Cloud - Private IAM service could be configured with the service - `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` - Whereas the IBM Cloud Private VPC service for US South - (Dallas) could be configured with the service `name` - of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`' - enum: - - CIS - - COS - - DNSServices - - GlobalSearch - - GlobalTagging - - HyperProtect - - IAM - - KeyProtect - - ResourceController - - ResourceManager - - VPC - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - type: string - x-kubernetes-validations: - - message: url must be a valid absolute URL - rule: isURL(self) - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - type: object - nutanix: - description: Nutanix contains settings specific to the Nutanix - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on Nutanix platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - cloudName: - description: cloudName is the name of the desired OpenStack - cloud in the client configuration file (`clouds.yaml`). - type: string - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on OpenStack platform which can be a - user-managed or openshift-managed load balancer that - is to be used for the OpenShift API and Ingress endpoints. - When set to OpenShiftManagedDefault the static pods - in charge of API and Ingress traffic load-balancing - defined in the machine config operator will be deployed. - When set to UserManaged these static pods will not be - deployed and it is expected that the load balancer is - configured out of band by the deployer. When omitted, - this means no opinion and the platform is left to choose - a reasonable default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for OpenStack deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on Ovirt platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - nodeDNSIP: - description: 'deprecated: as of 4.6, this field is no longer - set or honored. It will be removed in a future release.' - type: string - type: object - powervs: - description: PowerVS contains settings specific to the Power Systems - Virtual Servers infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud Internet - Services instance managing the DNS zone for the cluster's - base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS Services - instance managing the DNS zone for the cluster's base domain - type: string - region: - description: region holds the default Power VS region for - new Power VS resources created by the cluster. - type: string - resourceGroup: - description: 'resourceGroup is the resource group name for - new IBMCloud resources created for a cluster. The resource - group specified here will be used by cluster-image-registry-operator - to set up a COS Instance in IBMCloud for the cluster registry. - More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. - When omitted, the image registry operator won''t be able - to configure storage, which results in the image registry - cluster operator not being in an available state.' - maxLength: 40 - pattern: ^[a-zA-Z0-9-_ ]+$ - type: string - x-kubernetes-validations: - - message: resourceGroup is immutable once set - rule: oldSelf == '' || self == oldSelf - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of a Power - VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults of PowerVS - Services. - properties: - name: - description: name is the name of the Power VS service. - Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - zone: - description: 'zone holds the default zone for the new Power - VS resources created by the cluster. Note: Currently only - single-zone OCP clusters are supported' - type: string - type: object - x-kubernetes-validations: - - message: cannot unset resourceGroup once set - rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)' - type: - description: "type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", - \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", - \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components - may not support all platforms, and must handle unrecognized - platforms as None if they do not support that platform. \n This - value will be synced with to the `status.platform` and `status.platformStatus.type`. - Currently this value cannot be changed once set." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on VSphere platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for vSphere deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index fc098e9d69c..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml +++ /dev/null @@ -1,2090 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: infrastructures.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Infrastructure - listKind: InfrastructureList - plural: infrastructures - singular: infrastructure - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Infrastructure holds cluster-wide information about Infrastructure. - \ The canonical name is `cluster` \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - cloudConfig: - description: "cloudConfig is a reference to a ConfigMap containing - the cloud provider configuration file. This configuration file is - used to configure the Kubernetes cloud provider integration when - using the built-in cloud provider integration or the external cloud - controller manager. The namespace for this config map is openshift-config. - \n cloudConfig should only be consumed by the kube_cloud_config - controller. The controller is responsible for using the user configuration - in the spec for various platforms and combining that with the user - provided ConfigMap in this field to create a stitched kube cloud - config. The controller generates a ConfigMap `kube-cloud-config` - in `openshift-config-managed` namespace with the kube cloud config - is stored in `cloud.conf` key. All the clients are expected to use - the generated ConfigMap only." - properties: - key: - description: Key allows pointing to a specific key/value inside - of the configmap. This is useful for logical file references. - type: string - name: - type: string - type: object - platformSpec: - description: platformSpec holds desired information specific to the - underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to the Alibaba - Cloud infrastructure provider. - type: object - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - type: object - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. - type: object - external: - description: ExternalPlatformType represents generic infrastructure - provider. Platform-specific components should be supplemented - separately. - properties: - platformName: - default: Unknown - description: PlatformName holds the arbitrary string representing - the infrastructure provider name, expected to be set at - the installation time. This field is solely for informational - and reporting purposes and is not expected to be used for - decision-making. - type: string - x-kubernetes-validations: - - message: platform name cannot be changed once set - rule: oldSelf == 'Unknown' || self == oldSelf - type: object - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - type: object - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - type: object - nutanix: - description: Nutanix contains settings specific to the Nutanix - infrastructure provider. - properties: - failureDomains: - description: failureDomains configures failure domains information - for the Nutanix platform. When set, the failure domains - defined here may be used to spread Machines across prism - element clusters to improve fault tolerance of the cluster. - items: - description: NutanixFailureDomain configures failure domain - information for the Nutanix platform. - properties: - cluster: - description: cluster is to identify the cluster (the - Prism Element under management of the Prism Central), - in which the Machine's VM will be created. The cluster - identifier (uuid or name) can be obtained from the - Prism Central console or using the prism_central API. - properties: - name: - description: name is the resource name in the PC. - It cannot be empty if the type is Name. - type: string - type: - description: type is the identifier type to use - for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource in - the PC. It cannot be empty if the type is UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when type - is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) - : !has(self.uuid)' - - message: name configuration is required when type - is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) - : !has(self.name)' - name: - description: name defines the unique name of a failure - domain. Name is required and must be at most 64 characters - in length. It must consist of only lower case alphanumeric - characters and hyphens (-). It must start and end - with an alphanumeric character. This value is arbitrary - and is used to identify the failure domain within - the platform. - maxLength: 64 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - type: string - subnets: - description: subnets holds a list of identifiers (one - or more) of the cluster's network subnets for the - Machine's VM to connect to. The subnet identifiers - (uuid or name) can be obtained from the Prism Central - console or using the prism_central API. - items: - description: NutanixResourceIdentifier holds the identity - of a Nutanix PC resource (cluster, image, subnet, - etc.) - properties: - name: - description: name is the resource name in the - PC. It cannot be empty if the type is Name. - type: string - type: - description: type is the identifier type to use - for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource - in the PC. It cannot be empty if the type is - UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when type - is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' ? has(self.uuid) - : !has(self.uuid)' - - message: name configuration is required when type - is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' ? has(self.name) - : !has(self.name)' - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - required: - - cluster - - name - - subnets - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - prismCentral: - description: prismCentral holds the endpoint address and port - to access the Nutanix Prism Central. When a cluster-wide - proxy is installed, by default, this endpoint will be accessed - via the proxy. Should you wish for communication with this - endpoint not to be proxied, please add the endpoint to the - proxy spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS name - or IP address) of the Nutanix Prism Central or Element - (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access the Nutanix - Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - prismElements: - description: prismElements holds one or more endpoint address - and port data to access the Nutanix Prism Elements (clusters) - of the Nutanix Prism Central. Currently we only support - one Prism Element (cluster) for an OpenShift cluster, where - all the Nutanix resources (VMs, subnets, volumes, etc.) - used in the OpenShift cluster are located. In the future, - we may support Nutanix resources (VMs, etc.) spread over - multiple Prism Elements (clusters) of the Prism Central. - items: - description: NutanixPrismElementEndpoint holds the name - and endpoint data for a Prism Element (cluster) - properties: - endpoint: - description: endpoint holds the endpoint address and - port data of the Prism Element (cluster). When a cluster-wide - proxy is installed, by default, this endpoint will - be accessed via the proxy. Should you wish for communication - with this endpoint not to be proxied, please add the - endpoint to the proxy spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS - name or IP address) of the Nutanix Prism Central - or Element (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access the - Nutanix Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - name: - description: name is the name of the Prism Element (cluster). - This value will correspond with the cluster field - configured on other resources (eg Machines, PVCs, - etc). - maxLength: 256 - type: string - required: - - endpoint - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - prismCentral - - prismElements - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - type: object - powervs: - description: PowerVS contains settings specific to the IBM Power - Systems Virtual Servers infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of a Power - VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults of PowerVS - Services. - properties: - name: - description: name is the name of the Power VS service. - Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: - description: type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are "AWS", "Azure", "BareMetal", "GCP", "Libvirt", "OpenStack", - "VSphere", "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", - "Nutanix" and "None". Individual components may not support - all platforms, and must handle unrecognized platforms as None - if they do not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.apiServerInternalIPs will be used. - Once set, the list cannot be completely removed (but its - second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - failureDomains: - description: failureDomains contains the definition of region, - zone and the vCenter topology. If this is omitted failure - domains (regions and zones) will not be used. - items: - description: VSpherePlatformFailureDomainSpec holds the - region and zone failure domain and the vCenter topology - of that failure domain. - properties: - name: - description: name defines the arbitrary but unique name - of a failure domain. - maxLength: 256 - minLength: 1 - type: string - region: - description: region defines the name of a region tag - that will be attached to a vCenter datacenter. The - tag category in vCenter must be named openshift-region. - maxLength: 80 - minLength: 1 - type: string - server: - anyOf: - - format: ipv4 - - format: ipv6 - - format: hostname - description: server is the fully-qualified domain name - or the IP address of the vCenter server. --- - maxLength: 255 - minLength: 1 - type: string - topology: - description: Topology describes a given failure domain - using vSphere constructs - properties: - computeCluster: - description: computeCluster the absolute path of - the vCenter cluster in which virtual machine will - be located. The absolute path is of the form //host/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/host/.*? - type: string - datacenter: - description: datacenter is the name of vCenter datacenter - in which virtual machines will be located. The - maximum length of the datacenter name is 80 characters. - maxLength: 80 - type: string - datastore: - description: datastore is the absolute path of the - datastore in which the virtual machine is located. - The absolute path is of the form //datastore/ - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/datastore/.*? - type: string - folder: - description: folder is the absolute path of the - folder where virtual machines are located. The - absolute path is of the form //vm/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/vm/.*? - type: string - networks: - description: networks is the list of port group - network names within this failure domain. Currently, - we only support a single interface per RHCOS virtual - machine. The available networks (port groups) - can be listed using `govc ls 'network/*'` The - single interface should be the absolute path of - the form //network/. - items: - type: string - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - resourcePool: - description: resourcePool is the absolute path of - the resource pool where virtual machines will - be created. The absolute path is of the form //host//Resources/. - The maximum length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/host/.*?/Resources.* - type: string - template: - description: "template is the full inventory path - of the virtual machine or template that will be - cloned when creating new machines in this failure - domain. The maximum length of the path is 2048 - characters. \n When omitted, the template will - be calculated by the control plane machineset - operator based on the region and zone defined - in VSpherePlatformFailureDomainSpec. For example, - for zone=zonea, region=region1, and infrastructure - name=test, the template path would be calculated - as //vm/test-rhcos-region1-zonea." - maxLength: 2048 - minLength: 1 - pattern: ^/.*?/vm/.*? - type: string - required: - - computeCluster - - datacenter - - datastore - - networks - type: object - zone: - description: zone defines the name of a zone tag that - will be attached to a vCenter cluster. The tag category - in vCenter must be named openshift-zone. - maxLength: 80 - minLength: 1 - type: string - required: - - name - - region - - server - - topology - - zone - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IP - addresses, one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. Once set, - the list cannot be completely removed (but its second entry - can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 address - and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. Each network is provided - in the CIDR format and should be IPv4 or IPv6, for example - "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeNetworking: - description: nodeNetworking contains the definition of internal - and external network constraints for assigning the node's - networking. If this field is omitted, networking defaults - to the legacy address selection behavior which is to only - support a single address and return the first one found. - properties: - external: - description: external represents the network configuration - of the node that is externally routable. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's VM for - use in the status.addresses fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network names - that will be used to when searching for status.addresses - fields. Note that if internal.networkSubnetCIDR - and external.networkSubnetCIDR are not set, then - the vNIC associated to this network must only have - a single IP address assigned to it. The available - networks (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address on VirtualMachine's - network interfaces included in the fields' CIDRs - that will be used in respective status.addresses - fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: set - type: object - internal: - description: internal represents the network configuration - of the node that is routable only within the cluster. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's VM for - use in the status.addresses fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network names - that will be used to when searching for status.addresses - fields. Note that if internal.networkSubnetCIDR - and external.networkSubnetCIDR are not set, then - the vNIC associated to this network must only have - a single IP address assigned to it. The available - networks (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address on VirtualMachine's - network interfaces included in the fields' CIDRs - that will be used in respective status.addresses - fields. --- - items: - format: cidr - type: string - type: array - x-kubernetes-list-type: set - type: object - type: object - vcenters: - description: vcenters holds the connection details for services - to communicate with vCenter. Currently, only a single vCenter - is supported. --- - items: - description: VSpherePlatformVCenterSpec stores the vCenter - connection fields. This is used by the vSphere CCM. - properties: - datacenters: - description: The vCenter Datacenters in which the RHCOS - vm guests are located. This field will be used by - the Cloud Controller Manager. Each datacenter listed - here should be used within a topology. - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - port: - description: port is the TCP port that will be used - to communicate to the vCenter endpoint. When omitted, - this means the user has no opinion and it is up to - the platform to choose a sensible default, which is - subject to change over time. - format: int32 - maximum: 32767 - minimum: 1 - type: integer - server: - anyOf: - - format: ipv4 - - format: ipv6 - - format: hostname - description: server is the fully-qualified domain name - or the IP address of the vCenter server. --- - maxLength: 255 - type: string - required: - - datacenters - - server - type: object - maxItems: 1 - minItems: 0 - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme 'https', - address and optionally a port (defaulting to 443). apiServerInternalURL - can be used by components like kubelets, to contact the Kubernetes - API server using the infrastructure provider rather than Kubernetes - networking. - type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme 'https', address - and optionally a port (defaulting to 443). apiServerURL can be - used by components like the web console to tell users where to find - the Kubernetes API. - type: string - controlPlaneTopology: - default: HighlyAvailable - description: controlPlaneTopology expresses the expectations for operands - that normally run on control nodes. The default is 'HighlyAvailable', - which represents the behavior operators have in a "normal" cluster. - The 'SingleReplica' mode will be used in single-node deployments - and the operators should not configure the operand for highly-available - operation The 'External' mode indicates that the control plane is - hosted externally to the cluster and that its components are not - visible within the cluster. - enum: - - HighlyAvailable - - SingleReplica - - External - type: string - cpuPartitioning: - default: None - description: cpuPartitioning expresses if CPU partitioning is a currently - enabled feature in the cluster. CPU Partitioning means that this - cluster can support partitioning workloads to specific CPU Sets. - Valid values are "None" and "AllNodes". When omitted, the default - value is "None". The default value of "None" indicates that no nodes - will be setup with CPU partitioning. The "AllNodes" value indicates - that all nodes have been setup with CPU partitioning, and can then - be further configured via the PerformanceProfile API. - enum: - - None - - AllNodes - type: string - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch the - SRV records for discovering etcd servers and clients. For more info: - https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery - deprecated: as of 4.7, this field is no longer set or honored. It - will be removed in a future release.' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster with - a human friendly name. Once set it should not be changed. Must be - of max length 27 and must have only alphanumeric or hyphen characters. - type: string - infrastructureTopology: - default: HighlyAvailable - description: 'infrastructureTopology expresses the expectations for - infrastructure services that do not run on control plane nodes, - usually indicated by a node selector for a `role` value other than - `master`. The default is ''HighlyAvailable'', which represents the - behavior operators have in a "normal" cluster. The ''SingleReplica'' - mode will be used in single-node deployments and the operators should - not configure the operand for highly-available operation NOTE: External - topology mode is not applicable for this field.' - enum: - - HighlyAvailable - - SingleReplica - type: string - platform: - description: "platform is the underlying infrastructure provider for - the cluster. \n Deprecated: Use platformStatus.type instead." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - platformStatus: - description: platformStatus holds status information specific to the - underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to the Alibaba - Cloud infrastructure provider. - properties: - region: - description: region specifies the region for Alibaba Cloud - resources created for the cluster. - pattern: ^[0-9A-Za-z-]+$ - type: string - resourceGroupID: - description: resourceGroupID is the ID of the resource group - for the cluster. - pattern: ^(rg-[0-9A-Za-z]+)?$ - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to Alibaba Cloud resources created for the cluster. - items: - description: AlibabaCloudResourceTag is the set of tags - to add to apply to resources. - properties: - key: - description: key is the key of the tag. - maxLength: 128 - minLength: 1 - type: string - value: - description: value is the value of the tag. - maxLength: 128 - minLength: 1 - type: string - required: - - key - - value - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - required: - - region - type: object - aws: - description: AWS contains settings specific to the Amazon Web - Services infrastructure provider. - properties: - region: - description: region holds the default AWS region for new AWS - resources created by the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to AWS resources created for the cluster. See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html - for information on tagging AWS resources. AWS supports a - maximum of 50 tags per resource. OpenShift reserves 25 tags - for its use, leaving 25 tags available for the user. - items: - description: AWSResourceTag is a tag to apply to AWS resources - created for the cluster. - properties: - key: - description: key is the key of the tag - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: value is the value of the tag. Some AWS - service do not support empty values. Since tags are - added to resources in many services, the length of - the tag value must meet the requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - x-kubernetes-list-type: atomic - serviceEndpoints: - description: ServiceEndpoints list contains custom endpoints - which will override default service endpoint of AWS Services. - There must be only one ServiceEndpoint for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults of AWS Services. - properties: - name: - description: name is the name of the AWS service. The - list of all the service names can be found at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure infrastructure - provider. - properties: - armEndpoint: - description: armEndpoint specifies a URL to use for resource - management in non-soverign clouds such as Azure Stack. - type: string - cloudName: - description: cloudName is the name of the Azure cloud environment - which can be used to configure the Azure SDK with the appropriate - Azure API endpoints. If empty, the value is equal to `AzurePublicCloud`. - enum: - - "" - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureStackCloud - type: string - networkResourceGroupName: - description: networkResourceGroupName is the Resource Group - for network resources like the Virtual Network and Subnets - used by the cluster. If empty, the value is same as ResourceGroupName. - type: string - resourceGroupName: - description: resourceGroupName is the Resource Group for new - Azure resources created for the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional tags to - apply to Azure resources created for the cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags - for information on tagging Azure resources. Due to limitations - on Automation, Content Delivery Network, DNS Azure resources, - a maximum of 15 tags may be applied. OpenShift reserves - 5 tags for internal use, allowing 10 tags for user configuration. - items: - description: AzureResourceTag is a tag to apply to Azure - resources created for the cluster. - properties: - key: - description: key is the key part of the tag. A tag key - can have a maximum of 128 characters and cannot be - empty. Key must begin with a letter, end with a letter, - number or underscore, and must contain only alphanumeric - characters and the following special characters `_ - . -`. - maxLength: 128 - minLength: 1 - pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ - type: string - value: - description: 'value is the value part of the tag. A - tag value can have a maximum of 256 characters and - cannot be empty. Value must contain only alphanumeric - characters and the following special characters `_ - + , - . / : ; < = > ? @`.' - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 10 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: resourceTags are immutable and may only be configured - during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) - type: object - x-kubernetes-validations: - - message: resourceTags may only be configured during installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - baremetal: - description: BareMetal contains settings specific to the BareMetal - platform. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on BareMetal platform which can be a - user-managed or openshift-managed load balancer that - is to be used for the OpenShift API and Ingress endpoints. - When set to OpenShiftManagedDefault the static pods - in charge of API and Ingress traffic load-balancing - defined in the machine config operator will be deployed. - When set to UserManaged these static pods will not be - deployed and it is expected that the load balancer is - configured out of band by the deployer. When omitted, - this means no opinion and the platform is left to choose - a reasonable default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for BareMetal deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - equinixMetal: - description: EquinixMetal contains settings specific to the Equinix - Metal infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - type: object - external: - description: External contains settings specific to the generic - External infrastructure provider. - properties: - cloudControllerManager: - description: cloudControllerManager contains settings specific - to the external Cloud Controller Manager (a.k.a. CCM or - CPI). When omitted, new nodes will be not tainted and no - extra initialization from the cloud controller manager is - expected. - properties: - state: - description: "state determines whether or not an external - Cloud Controller Manager is expected to be installed - within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager - \n Valid values are \"External\", \"None\" and omitted. - When set to \"External\", new nodes will be tainted - as uninitialized when created, preventing them from - running workloads until they are initialized by the - cloud controller manager. When omitted or set to \"None\", - new nodes will be not tainted and no extra initialization - from the cloud controller manager is expected." - enum: - - "" - - External - - None - type: string - x-kubernetes-validations: - - message: state is immutable once set - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: state may not be added or removed once set - rule: (has(self.state) == has(oldSelf.state)) || (!has(oldSelf.state) - && self.state != "External") - type: object - x-kubernetes-validations: - - message: cloudControllerManager may not be added or removed - once set - rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) - gcp: - description: GCP contains settings specific to the Google Cloud - Platform infrastructure provider. - properties: - cloudLoadBalancerConfig: - default: - dnsType: PlatformDefault - description: cloudLoadBalancerConfig is a union that contains - the IP addresses of API, API-Int and Ingress Load Balancers - created on the cloud platform. These values would not be - populated on on-prem platforms. These Load Balancer IPs - are used to configure the in-cluster DNS instances for API, - API-Int and Ingress services. `dnsType` is expected to be - set to `ClusterHosted` when these Load Balancer IP addresses - are populated and used. - nullable: true - properties: - clusterHosted: - description: clusterHosted holds the IP addresses of API, - API-Int and Ingress Load Balancers on Cloud Platforms. - The DNS solution hosted within the cluster use these - IP addresses to provide resolution for API, API-Int - and Ingress services. - properties: - apiIntLoadBalancerIPs: - description: apiIntLoadBalancerIPs holds Load Balancer - IPs for the internal API service. These Load Balancer - IP addresses can be IPv4 and/or IPv6 addresses. - Entries in the apiIntLoadBalancerIPs must be unique. - A maximum of 16 IP addresses are permitted. - format: ip - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - apiLoadBalancerIPs: - description: apiLoadBalancerIPs holds Load Balancer - IPs for the API service. These Load Balancer IP - addresses can be IPv4 and/or IPv6 addresses. Could - be empty for private clusters. Entries in the apiLoadBalancerIPs - must be unique. A maximum of 16 IP addresses are - permitted. - format: ip - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - ingressLoadBalancerIPs: - description: ingressLoadBalancerIPs holds IPs for - Ingress Load Balancers. These Load Balancer IP addresses - can be IPv4 and/or IPv6 addresses. Entries in the - ingressLoadBalancerIPs must be unique. A maximum - of 16 IP addresses are permitted. - format: ip - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - type: object - dnsType: - default: PlatformDefault - description: dnsType indicates the type of DNS solution - in use within the cluster. Its default value of `PlatformDefault` - indicates that the cluster's DNS is the default provided - by the cloud platform. It can be set to `ClusterHosted` - to bypass the configuration of the cloud default DNS. - In this mode, the cluster needs to provide a self-hosted - DNS solution for the cluster's installation to succeed. - The cluster's use of the cloud's Load Balancers is unaffected - by this setting. The value is immutable after it has - been set at install time. Currently, there is no way - for the customer to add additional DNS entries into - the cluster hosted DNS. Enabling this functionality - allows the user to start their own DNS solution outside - the cluster after installation is complete. The customer - would be responsible for configuring this custom DNS - solution, and it can be run in addition to the in-cluster - DNS solution. - enum: - - ClusterHosted - - PlatformDefault - type: string - x-kubernetes-validations: - - message: dnsType is immutable - rule: oldSelf == '' || self == oldSelf - type: object - x-kubernetes-validations: - - message: clusterHosted is permitted only when dnsType is - ClusterHosted - rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted'' - ? !has(self.clusterHosted) : true' - projectID: - description: resourceGroupName is the Project ID for new GCP - resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources - created for the cluster. - type: string - resourceLabels: - description: resourceLabels is a list of additional labels - to apply to GCP resources created for the cluster. See https://cloud.google.com/compute/docs/labeling-resources - for information on labeling GCP resources. GCP supports - a maximum of 64 labels per resource. OpenShift reserves - 32 labels for internal use, allowing 32 labels for user - configuration. - items: - description: GCPResourceLabel is a label to apply to GCP - resources created for the cluster. - properties: - key: - description: key is the key part of the label. A label - key can have a maximum of 63 characters and cannot - be empty. Label key must begin with a lowercase letter, - and must contain only lowercase letters, numeric characters, - and the following special characters `_-`. Label key - must not have the reserved prefixes `kubernetes-io` - and `openshift-io`. - maxLength: 63 - minLength: 1 - pattern: ^[a-z][0-9a-z_-]{0,62}$ - type: string - x-kubernetes-validations: - - message: label keys must not start with either `openshift-io` - or `kubernetes-io` - rule: '!self.startsWith(''openshift-io'') && !self.startsWith(''kubernetes-io'')' - value: - description: value is the value part of the label. A - label value can have a maximum of 63 characters and - cannot be empty. Value must contain only lowercase - letters, numeric characters, and the following special - characters `_-`. - maxLength: 63 - minLength: 1 - pattern: ^[0-9a-z_-]{1,63}$ - type: string - required: - - key - - value - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: resourceLabels are immutable and may only be configured - during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) - resourceTags: - description: resourceTags is a list of additional tags to - apply to GCP resources created for the cluster. See https://cloud.google.com/resource-manager/docs/tags/tags-overview - for information on tagging GCP resources. GCP supports a - maximum of 50 tags per resource. - items: - description: GCPResourceTag is a tag to apply to GCP resources - created for the cluster. - properties: - key: - description: key is the key part of the tag. A tag key - can have a maximum of 63 characters and cannot be - empty. Tag key must begin and end with an alphanumeric - character, and must contain only uppercase, lowercase - alphanumeric characters, and the following special - characters `._-`. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ - type: string - parentID: - description: 'parentID is the ID of the hierarchical - resource where the tags are defined, e.g. at the Organization - or the Project level. To find the Organization or - Project ID refer to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, - https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. - An OrganizationID must consist of decimal numbers, - and cannot have leading zeroes. A ProjectID must be - 6 to 30 characters in length, can only contain lowercase - letters, numbers, and hyphens, and must start with - a letter, and cannot end with a hyphen.' - maxLength: 32 - minLength: 1 - pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) - type: string - value: - description: value is the value part of the tag. A tag - value can have a maximum of 63 characters and cannot - be empty. Tag value must begin and end with an alphanumeric - character, and must contain only uppercase, lowercase - alphanumeric characters, and the following special - characters `_-.@%=+:,*#&(){}[]` and spaces. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ - type: string - required: - - key - - parentID - - value - type: object - maxItems: 50 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: resourceTags are immutable and may only be configured - during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, x in self) - type: object - x-kubernetes-validations: - - message: resourceLabels may only be configured during installation - rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) - || has(oldSelf.resourceLabels) && has(self.resourceLabels)' - - message: resourceTags may only be configured during installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - ibmcloud: - description: IBMCloud contains settings specific to the IBMCloud - infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud Internet - Services instance managing the DNS zone for the cluster's - base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS Services - instance managing the DNS zone for the cluster's base domain - type: string - location: - description: Location is where the cluster has been deployed - type: string - providerType: - description: ProviderType indicates the type of cluster that - was created - type: string - resourceGroupName: - description: ResourceGroupName is the Resource Group for new - IBMCloud resources created for the cluster. - type: string - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of an - IBM Cloud service. These endpoints are consumed by components - within the cluster to reach the respective IBM Cloud Services. - items: - description: IBMCloudServiceEndpoint stores the configuration - of a custom url to override existing defaults of IBM Cloud - Services. - properties: - name: - description: 'name is the name of the IBM Cloud service. - Possible values are: CIS, COS, DNSServices, GlobalSearch, - GlobalTagging, HyperProtect, IAM, KeyProtect, ResourceController, - ResourceManager, or VPC. For example, the IBM Cloud - Private IAM service could be configured with the service - `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` - Whereas the IBM Cloud Private VPC service for US South - (Dallas) could be configured with the service `name` - of `VPC` and `url` of `https://us.south.private.iaas.cloud.ibm.com`' - enum: - - CIS - - COS - - DNSServices - - GlobalSearch - - GlobalTagging - - HyperProtect - - IAM - - KeyProtect - - ResourceController - - ResourceManager - - VPC - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - type: string - x-kubernetes-validations: - - message: url must be a valid absolute URL - rule: isURL(self) - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - kubevirt: - description: Kubevirt contains settings specific to the kubevirt - infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes to the - default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. - type: string - type: object - nutanix: - description: Nutanix contains settings specific to the Nutanix - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on Nutanix platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - type: object - openstack: - description: OpenStack contains settings specific to the OpenStack - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - cloudName: - description: cloudName is the name of the desired OpenStack - cloud in the client configuration file (`clouds.yaml`). - type: string - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on OpenStack platform which can be a - user-managed or openshift-managed load balancer that - is to be used for the OpenShift API and Ingress endpoints. - When set to OpenShiftManagedDefault the static pods - in charge of API and Ingress traffic load-balancing - defined in the machine config operator will be deployed. - When set to UserManaged these static pods will not be - deployed and it is expected that the load balancer is - configured out of band by the deployer. When omitted, - this means no opinion and the platform is left to choose - a reasonable default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for OpenStack deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - ovirt: - description: Ovirt contains settings specific to the oVirt infrastructure - provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on Ovirt platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - nodeDNSIP: - description: 'deprecated: as of 4.6, this field is no longer - set or honored. It will be removed in a future release.' - type: string - type: object - powervs: - description: PowerVS contains settings specific to the Power Systems - Virtual Servers infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud Internet - Services instance managing the DNS zone for the cluster's - base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS Services - instance managing the DNS zone for the cluster's base domain - type: string - region: - description: region holds the default Power VS region for - new Power VS resources created by the cluster. - type: string - resourceGroup: - description: 'resourceGroup is the resource group name for - new IBMCloud resources created for a cluster. The resource - group specified here will be used by cluster-image-registry-operator - to set up a COS Instance in IBMCloud for the cluster registry. - More about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. - When omitted, the image registry operator won''t be able - to configure storage, which results in the image registry - cluster operator not being in an available state.' - maxLength: 40 - pattern: ^[a-zA-Z0-9-_ ]+$ - type: string - x-kubernetes-validations: - - message: resourceGroup is immutable once set - rule: oldSelf == '' || self == oldSelf - serviceEndpoints: - description: serviceEndpoints is a list of custom endpoints - which will override the default service endpoints of a Power - VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults of PowerVS - Services. - properties: - name: - description: name is the name of the Power VS service. - Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with scheme - https, that overrides the default generated endpoint - for a client. This must be provided and cannot be - empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - zone: - description: 'zone holds the default zone for the new Power - VS resources created by the cluster. Note: Currently only - single-zone OCP clusters are supported' - type: string - type: object - x-kubernetes-validations: - - message: cannot unset resourceGroup once set - rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)' - type: - description: "type is the underlying infrastructure provider for - the cluster. This value controls whether infrastructure automation - such as service load balancers, dynamic volume provisioning, - machine creation and deletion, and other integrations are enabled. - If None, no infrastructure automation is enabled. Allowed values - are \"AWS\", \"Azure\", \"BareMetal\", \"GCP\", \"Libvirt\", - \"OpenStack\", \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", - \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual components - may not support all platforms, and must handle unrecognized - platforms as None if they do not support that platform. \n This - value will be synced with to the `status.platform` and `status.platformStatus.type`. - Currently this value cannot be changed once set." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address to contact - the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. It is the IP that the - Infrastructure.status.apiServerInternalURI points to. It - is the IP for a self-hosted load balancer in front of the - API servers. \n Deprecated: Use APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses to - contact the Kubernetes API server that can be used by components - inside the cluster, like kubelets using the infrastructure - rather than Kubernetes networking. These are the IPs for - a self-hosted load balancer in front of the API servers. - In dual stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes to - the default ingress controller. The IP is a suitable target - of a wildcard DNS record used to resolve default route host - names. \n Deprecated: Use IngressIPs instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which route to - the default ingress controller. The IPs are suitable targets - of a wildcard DNS record used to resolve default route host - names. In dual stack clusters this list contains two IPs - otherwise only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer used - by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer used - by the cluster on VSphere platform which can be a user-managed - or openshift-managed load balancer that is to be used - for the OpenShift API and Ingress endpoints. When set - to OpenShiftManagedDefault the static pods in charge - of API and Ingress traffic load-balancing defined in - the machine config operator will be deployed. When set - to UserManaged these static pods will not be deployed - and it is expected that the load balancer is configured - out of band by the deployer. When omitted, this means - no opinion and the platform is left to choose a reasonable - default. The default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used to connect - all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the DNS - operator, `NodeDNSIP` provides name resolution for the nodes - themselves. There is no DNS-as-a-service for vSphere deployments. - In order to minimize necessary changes to the datacenter - DNS, a DNS service is hosted as a static pod to serve those - hostnames to the nodes in the cluster. - type: string - type: object - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml deleted file mode 100644 index d5df2d9e9ee..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml +++ /dev/null @@ -1,554 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: ingresses.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Ingress - listKind: IngressList - plural: ingresses - singular: ingress - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Ingress holds cluster-wide information about ingress, including - the default ingress domain used for routes. The canonical name is `cluster`. - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - appsDomain: - description: appsDomain is an optional domain to use instead of the - one specified in the domain field when a Route is created without - specifying an explicit host. If appsDomain is nonempty, this value - is used to generate default host values for Route. Unlike domain, - appsDomain may be modified after installation. This assumes a new - ingresscontroller has been setup with a wildcard certificate. - type: string - componentRoutes: - description: "componentRoutes is an optional list of routes that are - managed by OpenShift components that a cluster-admin is able to - configure the hostname and serving certificate for. The namespace - and name of each route in this list should match an existing entry - in the status.componentRoutes list. \n To determine the set of configurable - Routes, look at namespace and name of entries in the .status.componentRoutes - list, where participating operators write the status of configurable - routes." - items: - description: ComponentRouteSpec allows for configuration of a route's - hostname and serving certificate. - properties: - hostname: - description: hostname is the hostname that should be used by - the route. - pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - type: string - name: - description: "name is the logical name of the route to customize. - \n The namespace and name of this componentRoute must match - a corresponding entry in the list of status.componentRoutes - if the route is to be customized." - maxLength: 256 - minLength: 1 - type: string - namespace: - description: "namespace is the namespace of the route to customize. - \n The namespace and name of this componentRoute must match - a corresponding entry in the list of status.componentRoutes - if the route is to be customized." - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - servingCertKeyPairSecret: - description: servingCertKeyPairSecret is a reference to a secret - of type `kubernetes.io/tls` in the openshift-config namespace. - The serving cert/key pair must match and will be used by the - operator to fulfill the intent of serving with this name. - If the custom hostname uses the default routing suffix of - the cluster, the Secret specification for a serving certificate - will not be needed. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - required: - - hostname - - name - - namespace - type: object - type: array - x-kubernetes-list-map-keys: - - namespace - - name - x-kubernetes-list-type: map - domain: - description: "domain is used to generate a default host name for a - route when the route's host name is empty. The generated host name - will follow this pattern: \"..\". - \n It is also used as the default wildcard domain suffix for ingress. - The default ingresscontroller domain will follow this pattern: \"*.\". - \n Once set, changing domain is not currently supported." - type: string - loadBalancer: - description: loadBalancer contains the load balancer details in general - which are not only specific to the underlying infrastructure provider - of the current cluster and are required for Ingress Controller to - work on OpenShift. - properties: - platform: - description: platform holds configuration specific to the underlying - infrastructure provider for the ingress load balancers. When - omitted, this means the user has no opinion and the platform - is left to choose reasonable defaults. These defaults are subject - to change over time. - properties: - aws: - description: aws contains settings specific to the Amazon - Web Services infrastructure provider. - properties: - type: - description: "type allows user to set a load balancer - type. When this field is set the default ingresscontroller - will get created using the specified LBType. If this - field is not set then the default ingress controller - of LBType Classic will be created. Valid values are: - \n * \"Classic\": A Classic Load Balancer that makes - routing decisions at either the transport layer (TCP/SSL) - or the application layer (HTTP/HTTPS). See the following - for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - \n * \"NLB\": A Network Load Balancer that makes routing - decisions at the transport layer (TCP/SSL). See the - following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" - enum: - - NLB - - Classic - type: string - required: - - type - type: object - type: - description: type is the underlying infrastructure provider - for the cluster. Allowed values are "AWS", "Azure", "BareMetal", - "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt", - "EquinixMetal", "PowerVS", "AlibabaCloud", "Nutanix" and - "None". Individual components may not support all platforms, - and must handle unrecognized platforms as None if they do - not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - type: object - type: object - requiredHSTSPolicies: - description: "requiredHSTSPolicies specifies HSTS policies that are - required to be set on newly created or updated routes matching - the domainPattern/s and namespaceSelector/s that are specified in - the policy. Each requiredHSTSPolicy must have at least a domainPattern - and a maxAge to validate a route HSTS Policy route annotation, and - affect route admission. \n A candidate route is checked for HSTS - Policies if it has the HSTS Policy route annotation: \"haproxy.router.openshift.io/hsts_header\" - E.g. haproxy.router.openshift.io/hsts_header: max-age=31536000;preload;includeSubDomains - \n - For each candidate route, if it matches a requiredHSTSPolicy - domainPattern and optional namespaceSelector, then the maxAge, preloadPolicy, - and includeSubdomainsPolicy must be valid to be admitted. Otherwise, - the route is rejected. - The first match, by domainPattern and optional - namespaceSelector, in the ordering of the RequiredHSTSPolicies determines - the route's admission status. - If the candidate route doesn't match - any requiredHSTSPolicy domainPattern and optional namespaceSelector, - then it may use any HSTS Policy annotation. \n The HSTS policy configuration - may be changed after routes have already been created. An update - to a previously admitted route may then fail if the updated route - does not conform to the updated HSTS policy configuration. However, - changing the HSTS policy configuration will not cause a route that - is already admitted to stop working. \n Note that if there are no - RequiredHSTSPolicies, any HSTS Policy annotation on the route is - valid." - items: - properties: - domainPatterns: - description: "domainPatterns is a list of domains for which - the desired HSTS annotations are required. If domainPatterns - is specified and a route is created with a spec.host matching - one of the domains, the route must specify the HSTS Policy - components described in the matching RequiredHSTSPolicy. \n - The use of wildcards is allowed like this: *.foo.com matches - everything under foo.com. foo.com only matches foo.com, so - to cover foo.com and everything under it, you must specify - *both*." - items: - type: string - minItems: 1 - type: array - includeSubDomainsPolicy: - description: 'includeSubDomainsPolicy means the HSTS Policy - should apply to any subdomains of the host''s domain name. Thus, - for the host bar.foo.com, if includeSubDomainsPolicy was set - to RequireIncludeSubDomains: - the host app.bar.foo.com would - inherit the HSTS Policy of bar.foo.com - the host bar.foo.com - would inherit the HSTS Policy of bar.foo.com - the host foo.com - would NOT inherit the HSTS Policy of bar.foo.com - the host - def.foo.com would NOT inherit the HSTS Policy of bar.foo.com' - enum: - - RequireIncludeSubDomains - - RequireNoIncludeSubDomains - - NoOpinion - type: string - maxAge: - description: maxAge is the delta time range in seconds during - which hosts are regarded as HSTS hosts. If set to 0, it negates - the effect, and hosts are removed as HSTS hosts. If set to - 0 and includeSubdomains is specified, all subdomains of the - host are also removed as HSTS hosts. maxAge is a time-to-live - value, and if this policy is not refreshed on a client, the - HSTS policy will eventually expire on that client. - properties: - largestMaxAge: - description: The largest allowed value (in seconds) of the - RequiredHSTSPolicy max-age This value can be left unspecified, - in which case no upper limit is enforced. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - smallestMaxAge: - description: The smallest allowed value (in seconds) of - the RequiredHSTSPolicy max-age Setting max-age=0 allows - the deletion of an existing HSTS header from a host. This - is a necessary tool for administrators to quickly correct - mistakes. This value can be left unspecified, in which - case no lower limit is enforced. - format: int32 - maximum: 2147483647 - minimum: 0 - type: integer - type: object - namespaceSelector: - description: namespaceSelector specifies a label selector such - that the policy applies only to those routes that are in namespaces - with labels that match the selector, and are in one of the - DomainPatterns. Defaults to the empty LabelSelector, which - matches everything. - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values array - must be non-empty. If the operator is Exists or - DoesNotExist, the values array must be empty. This - array is replaced during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is - "key", the operator is "In", and the values array contains - only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - preloadPolicy: - description: preloadPolicy directs the client to include hosts - in its host preload list so that it never needs to do an initial - load to get the HSTS header (note that this is not defined - in RFC 6797 and is therefore client implementation-dependent). - enum: - - RequirePreload - - RequireNoPreload - - NoOpinion - type: string - required: - - domainPatterns - type: object - type: array - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - componentRoutes: - description: componentRoutes is where participating operators place - the current route status for routes whose hostnames and serving - certificates can be customized by the cluster-admin. - items: - description: ComponentRouteStatus contains information allowing - configuration of a route's hostname and serving certificate. - properties: - conditions: - description: "conditions are used to communicate the state of - the componentRoutes entry. \n Supported conditions include - Available, Degraded and Progressing. \n If available is true, - the content served by the route can be accessed by users. - This includes cases where a default may continue to serve - content while the customized route specified by the cluster-admin - is being configured. \n If Degraded is true, that means something - has gone wrong trying to handle the componentRoutes entry. - The currentHostnames field may or may not be in effect. \n - If Progressing is true, that means the component is taking - some action related to the componentRoutes entry." - items: - description: "Condition contains details for one aspect of - the current state of this API Resource. --- This struct - is intended for direct use as an array at the field path - .status.conditions. For example, \n type FooStatus struct{ - // Represents the observations of a foo's current state. - // Known .status.conditions.type are: \"Available\", \"Progressing\", - and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields - }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should - be when the underlying condition changed. If that is - not known, then using the time when the API field changed - is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the - current state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define expected - values and meanings for this field, and whether the - values are considered a guaranteed API. The value should - be a CamelCase string. This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, - Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across - resources like Available, but because arbitrary conditions - can be useful (see .node.status.conditions), the ability - to deconflict is important. The regex it matches is - (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - consumingUsers: - description: consumingUsers is a slice of ServiceAccounts that - need to have read permission on the servingCertKeyPairSecret - secret. - items: - description: ConsumingUser is an alias for string which we - add validation to. Currently only service accounts are supported. - maxLength: 512 - minLength: 1 - pattern: ^system:serviceaccount:[a-z0-9]([-a-z0-9]*[a-z0-9])?:[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - maxItems: 5 - type: array - currentHostnames: - description: currentHostnames is the list of current names used - by the route. Typically, this list should consist of a single - hostname, but if multiple hostnames are supported by the route - the operator may write multiple entries to this list. - items: - description: "Hostname is an alias for hostname string validation. - \n The left operand of the | is the original kubebuilder - hostname validation format, which is incorrect because it - allows upper case letters, disallows hyphen or number in - the TLD, and allows labels to start/end in non-alphanumeric - characters. See https://bugzilla.redhat.com/show_bug.cgi?id=2039256. - ^([a-zA-Z0-9\\p{S}\\p{L}]((-?[a-zA-Z0-9\\p{S}\\p{L}]{0,62})?)|([a-zA-Z0-9\\p{S}\\p{L}](([a-zA-Z0-9-\\p{S}\\p{L}]{0,61}[a-zA-Z0-9\\p{S}\\p{L}])?)(\\.)){1,}([a-zA-Z\\p{L}]){2,63})$ - \n The right operand of the | is a new pattern that mimics - the current API route admission validation on hostname, - except that it allows hostnames longer than the maximum - length: ^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - \n Both operand patterns are made available so that modifications - on ingress spec can still happen after an invalid hostname - was saved via validation by the incorrect left operand of - the | operator." - pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - type: string - minItems: 1 - type: array - defaultHostname: - description: defaultHostname is the hostname of this route prior - to customization. - pattern: ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ - type: string - name: - description: "name is the logical name of the route to customize. - It does not have to be the actual name of a route resource - but it cannot be renamed. \n The namespace and name of this - componentRoute must match a corresponding entry in the list - of spec.componentRoutes if the route is to be customized." - maxLength: 256 - minLength: 1 - type: string - namespace: - description: "namespace is the namespace of the route to customize. - It must be a real namespace. Using an actual namespace ensures - that no two components will conflict and the same component - can be installed multiple times. \n The namespace and name - of this componentRoute must match a corresponding entry in - the list of spec.componentRoutes if the route is to be customized." - maxLength: 63 - minLength: 1 - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - relatedObjects: - description: relatedObjects is a list of resources which are - useful when debugging or inspecting how spec.componentRoutes - is applied. - items: - description: ObjectReference contains enough information to - let you inspect or modify the referred object. - properties: - group: - description: group of the referent. - type: string - name: - description: name of the referent. - type: string - namespace: - description: namespace of the referent. - type: string - resource: - description: resource of the referent. - type: string - required: - - group - - name - - resource - type: object - minItems: 1 - type: array - required: - - defaultHostname - - name - - namespace - - relatedObjects - type: object - type: array - x-kubernetes-list-map-keys: - - namespace - - name - x-kubernetes-list-type: map - defaultPlacement: - description: "defaultPlacement is set at installation time to control - which nodes will host the ingress router pods by default. The options - are control-plane nodes or worker nodes. \n This field works by - dictating how the Cluster Ingress Operator will consider unset replicas - and nodePlacement fields in IngressController resources when creating - the corresponding Deployments. \n See the documentation for the - IngressController replicas and nodePlacement fields for more information. - \n When omitted, the default value is Workers" - enum: - - ControlPlane - - Workers - - "" - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml deleted file mode 100644 index 490bd2a7fad..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml +++ /dev/null @@ -1,283 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: networks.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Network - listKind: NetworkList - plural: networks - singular: network - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Network holds cluster-wide information about Network. The canonical - name is `cluster`. It is used to configure the desired network configuration, - such as: IP address pools for services/pod IPs, network plugin, etc. Please - view network.spec for an explanation on what applies when configuring this - resource. \n Compatibility level 1: Stable within a major release for a - minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration. As a general - rule, this SHOULD NOT be read directly. Instead, you should consume - the NetworkStatus, as it indicates the currently deployed configuration. - Currently, most spec fields are immutable after installation. Please - view the individual ones for further details on each. - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. This field is immutable - after installation. - items: - description: ClusterNetworkEntry is a contiguous block of IP addresses - from which pod IPs are allocated. - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: The size (prefix) of block to allocate to each - node. If this field is not used by the plugin, it can be left - unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - externalIP: - description: externalIP defines configuration for controllers that - affect Service.ExternalIP. If nil, then ExternalIP is not allowed - to be set. - properties: - autoAssignCIDRs: - description: autoAssignCIDRs is a list of CIDRs from which to - automatically assign Service.ExternalIP. These are assigned - when the service is of type LoadBalancer. In general, this is - only useful for bare-metal clusters. In Openshift 3.x, this - was misleadingly called "IngressIPs". Automatically assigned - External IPs are not affected by any ExternalIPPolicy rules. - Currently, only one entry may be provided. - items: - type: string - type: array - policy: - description: policy is a set of restrictions applied to the ExternalIP - field. If nil or empty, then ExternalIP is not allowed to be - set. - properties: - allowedCIDRs: - description: allowedCIDRs is the list of allowed CIDRs. - items: - type: string - type: array - rejectedCIDRs: - description: rejectedCIDRs is the list of disallowed CIDRs. - These take precedence over allowedCIDRs. - items: - type: string - type: array - type: object - type: object - networkType: - description: 'NetworkType is the plugin that is to be deployed (e.g. - OpenShiftSDN). This should match a value that the cluster-network-operator - understands, or else no networking will be installed. Currently - supported values are: - OpenShiftSDN This field is immutable after - installation.' - type: string - serviceNetwork: - description: IP address pool for services. Currently, we only support - a single entry here. This field is immutable after installation. - items: - type: string - type: array - serviceNodePortRange: - description: The port range allowed for Services of type NodePort. - If not specified, the default of 30000-32767 will be used. Such - Services without a NodePort specified will have one automatically - allocated from this range. This parameter can be updated after the - cluster is installed. - pattern: ^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - clusterNetwork: - description: IP address pool to use for pod IPs. - items: - description: ClusterNetworkEntry is a contiguous block of IP addresses - from which pod IPs are allocated. - properties: - cidr: - description: The complete block for pod IPs. - type: string - hostPrefix: - description: The size (prefix) of block to allocate to each - node. If this field is not used by the plugin, it can be left - unset. - format: int32 - minimum: 0 - type: integer - type: object - type: array - clusterNetworkMTU: - description: ClusterNetworkMTU is the MTU for inter-pod networking. - type: integer - conditions: - description: 'conditions represents the observations of a network.config - current state. Known .status.conditions.type are: "NetworkTypeMigrationInProgress", - "NetworkTypeMigrationMTUReady", "NetworkTypeMigrationTargetCNIAvailable", - "NetworkTypeMigrationTargetCNIInUse" and "NetworkTypeMigrationOriginalCNIPurged"' - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - migration: - description: Migration contains the cluster network migration configuration. - properties: - mtu: - description: MTU contains the MTU migration configuration. - properties: - machine: - description: Machine contains MTU migration configuration - for the machine's uplink. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: Network contains MTU migration configuration - for the default network. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - type: object - networkType: - description: 'NetworkType is the target plugin that is to be deployed. - Currently supported values are: OpenShiftSDN, OVNKubernetes' - enum: - - OpenShiftSDN - - OVNKubernetes - type: string - type: object - networkType: - description: NetworkType is the plugin that is deployed (e.g. OpenShiftSDN). - type: string - serviceNetwork: - description: IP address pool for services. Currently, we only support - a single entry here. - items: - type: string - type: array - type: object - required: - - spec - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml deleted file mode 100644 index 028fe4d7e35..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_node.crd.yaml +++ /dev/null @@ -1,67 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1107 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: nodes.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Node - listKind: NodeList - plural: nodes - singular: node - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Node holds cluster-wide information about node specific features. - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - cgroupMode: - description: CgroupMode determines the cgroups version on the node - enum: - - v1 - - v2 - - "" - type: string - workerLatencyProfile: - description: WorkerLatencyProfile determins the how fast the kubelet - is updating the status and corresponding reaction of the cluster - enum: - - Default - - MediumUpdateAverageReaction - - LowUpdateSlowReaction - type: string - type: object - status: - description: status holds observed values. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml deleted file mode 100644 index 8294b886b20..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml +++ /dev/null @@ -1,699 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: oauths.config.openshift.io -spec: - group: config.openshift.io - names: - kind: OAuth - listKind: OAuthList - plural: oauths - singular: oauth - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "OAuth holds cluster-wide information about OAuth. The canonical - name is `cluster`. It is used to configure the integrated OAuth server. - This configuration is only honored when the top level Authentication config - has type set to IntegratedOAuth. \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - identityProviders: - description: identityProviders is an ordered list of ways for a user - to identify themselves. When this list is empty, no identities are - provisioned for users. - items: - description: IdentityProvider provides identities for users authenticating - using credentials - properties: - basicAuth: - description: basicAuth contains configuration options for the - BasicAuth IdP - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - tlsClientCert: - description: tlsClientCert is an optional reference to a - secret by name that contains the PEM-encoded TLS client - certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - tlsClientKey: - description: tlsClientKey is an optional reference to a - secret by name that contains the PEM-encoded TLS private - key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - url: - description: url is the remote URL to connect to - type: string - type: object - github: - description: github enables user authentication using GitHub - credentials - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. This can only be configured when hostname is set - to a non-empty value. The namespace for this config map - is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - hostname: - description: hostname is the optional domain (e.g. "mycompany.com") - for use with a hosted instance of GitHub Enterprise. It - must match the GitHub Enterprise settings value configured - at /setup/settings#hostname. - type: string - organizations: - description: organizations optionally restricts which organizations - are allowed to log in - items: - type: string - type: array - teams: - description: teams optionally restricts which teams are - allowed to log in. Format is /. - items: - type: string - type: array - type: object - gitlab: - description: gitlab enables user authentication using GitLab - credentials - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - url: - description: url is the oauth server base URL - type: string - type: object - google: - description: google enables user authentication using Google - credentials - properties: - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - hostedDomain: - description: hostedDomain is the optional Google App domain - (e.g. "mycompany.com") to restrict logins to - type: string - type: object - htpasswd: - description: htpasswd enables user authentication using an HTPasswd - file to validate credentials - properties: - fileData: - description: fileData is a required reference to a secret - by name containing the data to use as the htpasswd file. - The key "htpasswd" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. If the specified htpasswd data is not - valid, the identity provider is not honored. The namespace - for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - type: object - keystone: - description: keystone enables user authentication using keystone - password credentials - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - domainName: - description: domainName is required for keystone v3 - type: string - tlsClientCert: - description: tlsClientCert is an optional reference to a - secret by name that contains the PEM-encoded TLS client - certificate to present when connecting to the server. - The key "tls.crt" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - tlsClientKey: - description: tlsClientKey is an optional reference to a - secret by name that contains the PEM-encoded TLS private - key for the client certificate referenced in tlsClientCert. - The key "tls.key" is used to locate the data. If specified - and the secret or expected key is not found, the identity - provider is not honored. If the specified certificate - data is not valid, the identity provider is not honored. - The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - url: - description: url is the remote URL to connect to - type: string - type: object - ldap: - description: ldap enables user authentication using LDAP credentials - properties: - attributes: - description: attributes maps LDAP attributes to identities - properties: - email: - description: email is the list of attributes whose values - should be used as the email address. Optional. If - unspecified, no email is set for the identity - items: - type: string - type: array - id: - description: id is the list of attributes whose values - should be used as the user ID. Required. First non-empty - attribute is used. At least one attribute is required. - If none of the listed attribute have a value, authentication - fails. LDAP standard identity attribute is "dn" - items: - type: string - type: array - name: - description: name is the list of attributes whose values - should be used as the display name. Optional. If unspecified, - no display name is set for the identity LDAP standard - display name attribute is "cn" - items: - type: string - type: array - preferredUsername: - description: preferredUsername is the list of attributes - whose values should be used as the preferred username. - LDAP standard login attribute is "uid" - items: - type: string - type: array - type: object - bindDN: - description: bindDN is an optional DN to bind with during - the search phase. - type: string - bindPassword: - description: bindPassword is an optional reference to a - secret by name containing a password to bind with during - the search phase. The key "bindPassword" is used to locate - the data. If specified and the secret or expected key - is not found, the identity provider is not honored. The - namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - insecure: - description: 'insecure, if true, indicates the connection - should not use TLS WARNING: Should not be set to `true` - with the URL scheme "ldaps://" as "ldaps://" URLs always - attempt to connect using TLS, even when `insecure` is - set to `true` When `true`, "ldap://" URLS connect insecurely. - When `false`, "ldap://" URLs are upgraded to a TLS connection - using StartTLS as specified in https://tools.ietf.org/html/rfc2830.' - type: boolean - url: - description: 'url is an RFC 2255 URL which specifies the - LDAP search parameters to use. The syntax of the URL is: - ldap://host:port/basedn?attribute?scope?filter' - type: string - type: object - mappingMethod: - description: mappingMethod determines how identities from this - provider are mapped to users Defaults to "claim" - type: string - name: - description: 'name is used to qualify the identities returned - by this provider. - It MUST be unique and not shared by any - other identity provider used - It MUST be a valid path segment: - name cannot equal "." or ".." or contain "/" or "%" or ":" - Ref: https://godoc.org/github.com/openshift/origin/pkg/user/apis/user/validation#ValidateIdentityProviderName' - type: string - openID: - description: openID enables user authentication using OpenID - credentials - properties: - ca: - description: ca is an optional reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. The key "ca.crt" is used to locate - the data. If specified and the config map or expected - key is not found, the identity provider is not honored. - If the specified ca data is not valid, the identity provider - is not honored. If empty, the default system roots are - used. The namespace for this config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - claims: - description: claims mappings - properties: - email: - description: email is the list of claims whose values - should be used as the email address. Optional. If - unspecified, no email is set for the identity - items: - type: string - type: array - x-kubernetes-list-type: atomic - groups: - description: groups is the list of claims value of which - should be used to synchronize groups from the OIDC - provider to OpenShift for the user. If multiple claims - are specified, the first one with a non-empty value - is used. - items: - description: OpenIDClaim represents a claim retrieved - from an OpenID provider's tokens or userInfo responses - minLength: 1 - type: string - type: array - x-kubernetes-list-type: atomic - name: - description: name is the list of claims whose values - should be used as the display name. Optional. If unspecified, - no display name is set for the identity - items: - type: string - type: array - x-kubernetes-list-type: atomic - preferredUsername: - description: preferredUsername is the list of claims - whose values should be used as the preferred username. - If unspecified, the preferred username is determined - from the value of the sub claim - items: - type: string - type: array - x-kubernetes-list-type: atomic - type: object - clientID: - description: clientID is the oauth client ID - type: string - clientSecret: - description: clientSecret is a required reference to the - secret by name containing the oauth client secret. The - key "clientSecret" is used to locate the data. If the - secret or expected key is not found, the identity provider - is not honored. The namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - required: - - name - type: object - extraAuthorizeParameters: - additionalProperties: - type: string - description: extraAuthorizeParameters are any custom parameters - to add to the authorize request. - type: object - extraScopes: - description: extraScopes are any scopes to request in addition - to the standard "openid" scope. - items: - type: string - type: array - issuer: - description: issuer is the URL that the OpenID Provider - asserts as its Issuer Identifier. It must use the https - scheme with no query or fragment component. - type: string - type: object - requestHeader: - description: requestHeader enables user authentication using - request header credentials - properties: - ca: - description: ca is a required reference to a config map - by name containing the PEM-encoded CA bundle. It is used - as a trust anchor to validate the TLS certificate presented - by the remote server. Specifically, it allows verification - of incoming requests to prevent header spoofing. The key - "ca.crt" is used to locate the data. If the config map - or expected key is not found, the identity provider is - not honored. If the specified ca data is not valid, the - identity provider is not honored. The namespace for this - config map is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - challengeURL: - description: challengeURL is a URL to redirect unauthenticated - /authorize requests to Unauthenticated requests from OAuth - clients which expect WWW-Authenticate challenges will - be redirected here. ${url} is replaced with the current - URL, escaped to be safe in a query parameter https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when challenge is set to true. - type: string - clientCommonNames: - description: clientCommonNames is an optional list of common - names to require a match from. If empty, any client certificate - validated against the clientCA bundle is considered authoritative. - items: - type: string - type: array - emailHeaders: - description: emailHeaders is the set of headers to check - for the email address - items: - type: string - type: array - headers: - description: headers is the set of headers to check for - identity information - items: - type: string - type: array - loginURL: - description: loginURL is a URL to redirect unauthenticated - /authorize requests to Unauthenticated requests from OAuth - clients which expect interactive logins will be redirected - here ${url} is replaced with the current URL, escaped - to be safe in a query parameter https://www.example.com/sso-login?then=${url} - ${query} is replaced with the current query string https://www.example.com/auth-proxy/oauth/authorize?${query} - Required when login is set to true. - type: string - nameHeaders: - description: nameHeaders is the set of headers to check - for the display name - items: - type: string - type: array - preferredUsernameHeaders: - description: preferredUsernameHeaders is the set of headers - to check for the preferred username - items: - type: string - type: array - type: object - type: - description: type identifies the identity provider type for - this entry. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - templates: - description: templates allow you to customize pages like the login - page. - properties: - error: - description: error is the name of a secret that specifies a go - template to use to render error pages during the authentication - or grant flow. The key "errors.html" is used to locate the template - data. If specified and the secret or expected key is not found, - the default error page is used. If the specified template is - not valid, the default error page is used. If unspecified, the - default error page is used. The namespace for this secret is - openshift-config. - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - login: - description: login is the name of a secret that specifies a go - template to use to render the login page. The key "login.html" - is used to locate the template data. If specified and the secret - or expected key is not found, the default login page is used. - If the specified template is not valid, the default login page - is used. If unspecified, the default login page is used. The - namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - providerSelection: - description: providerSelection is the name of a secret that specifies - a go template to use to render the provider selection page. - The key "providers.html" is used to locate the template data. - If specified and the secret or expected key is not found, the - default provider selection page is used. If the specified template - is not valid, the default provider selection page is used. If - unspecified, the default provider selection page is used. The - namespace for this secret is openshift-config. - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - type: object - tokenConfig: - description: tokenConfig contains options for authorization and access - tokens - properties: - accessTokenInactivityTimeout: - description: "accessTokenInactivityTimeout defines the token inactivity - timeout for tokens granted by any client. The value represents - the maximum amount of time that can occur between consecutive - uses of the token. Tokens become invalid if they are not used - within this temporal window. The user will need to acquire a - new token to regain access once a token times out. Takes valid - time duration string such as \"5m\", \"1.5h\" or \"2h45m\". - The minimum allowed value for duration is 300s (5 minutes). - If the timeout is configured per client, then that value takes - precedence. If the timeout value is not specified and the client - does not override the value, then tokens are valid until their - lifetime. \n WARNING: existing tokens' timeout will not be affected - (lowered) by changing this value" - type: string - accessTokenInactivityTimeoutSeconds: - description: 'accessTokenInactivityTimeoutSeconds - DEPRECATED: - setting this field has no effect.' - format: int32 - type: integer - accessTokenMaxAgeSeconds: - description: accessTokenMaxAgeSeconds defines the maximum age - of access tokens - format: int32 - type: integer - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml deleted file mode 100644 index d56e2c855ab..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml +++ /dev/null @@ -1,69 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: projects.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Project - listKind: ProjectList - plural: projects - singular: project - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Project holds cluster-wide information about Project. The canonical - name is `cluster` \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - projectRequestMessage: - description: projectRequestMessage is the string presented to a user - if they are unable to request a project via the projectrequest api - endpoint - type: string - projectRequestTemplate: - description: projectRequestTemplate is the template to use for creating - projects in response to projectrequest. This must point to a template - in 'openshift-config' namespace. It is optional. If it is not specified, - a default template is used. - properties: - name: - description: name is the metadata.name of the referenced project - request template - type: string - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler-CustomNoUpgrade.crd.yaml deleted file mode 100644 index e101af0b55b..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler-CustomNoUpgrade.crd.yaml +++ /dev/null @@ -1,131 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: schedulers.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Scheduler - listKind: SchedulerList - plural: schedulers - singular: scheduler - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Scheduler holds cluster-wide config information to run the Kubernetes - Scheduler and influence its placement decisions. The canonical name for - this config is `cluster`. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - defaultNodeSelector: - description: 'defaultNodeSelector helps set the cluster-wide default - node selector to restrict pod placement to specific nodes. This - is applied to the pods created in all namespaces and creates an - intersection with any existing nodeSelectors already set on a pod, - additionally constraining that pod''s selector. For example, defaultNodeSelector: - "type=user-node,region=east" would set nodeSelector field in pod - spec to "type=user-node,region=east" to all pods created in all - namespaces. Namespaces having project-wide node selectors won''t - be impacted even if this field is set. This adds an annotation section - to the namespace. For example, if a new namespace is created with - node-selector=''type=user-node,region=east'', the annotation openshift.io/node-selector: - type=user-node,region=east gets added to the project. When the openshift.io/node-selector - annotation is set on the project the value is used in preference - to the value we are setting for defaultNodeSelector field. For instance, - openshift.io/node-selector: "type=user-node,region=west" means that - the default of "type=user-node,region=east" set in defaultNodeSelector - would not be applied.' - type: string - mastersSchedulable: - description: 'MastersSchedulable allows masters nodes to be schedulable. - When this flag is turned on, all the master nodes in the cluster - will be made schedulable, so that workload pods can run on them. - The default value for this field is false, meaning none of the master - nodes are schedulable. Important Note: Once the workload pods start - running on the master nodes, extreme care must be taken to ensure - that cluster-critical control plane components are not impacted. - Please turn on this field after doing due diligence.' - type: boolean - policy: - description: 'DEPRECATED: the scheduler Policy API has been deprecated - and will be removed in a future release. policy is a reference to - a ConfigMap containing scheduler policy which has user specified - predicates and priorities. If this ConfigMap is not available scheduler - will default to use DefaultAlgorithmProvider. The namespace for - this configmap is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - profile: - description: "profile sets which scheduling profile should be set - in order to configure scheduling decisions for new pods. \n Valid - values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" - Defaults to \"LowNodeUtilization\"" - enum: - - "" - - LowNodeUtilization - - HighNodeUtilization - - NoScoring - type: string - profileCustomizations: - description: profileCustomizations contains configuration for modifying - the default behavior of existing scheduler profiles. - properties: - dynamicResourceAllocation: - description: dynamicResourceAllocation allows to enable or disable - dynamic resource allocation within the scheduler. Dynamic resource - allocation is an API for requesting and sharing resources between - pods and containers inside a pod. Third-party resource drivers - are responsible for tracking and allocating resources. Different - kinds of resources support arbitrary parameters for defining - requirements and initialization. Valid values are Enabled, Disabled - and omitted. When omitted, this means no opinion and the platform - is left to choose a reasonable default, which is subject to - change over time. The current default is Disabled. - enum: - - "" - - Enabled - - Disabled - type: string - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler-Default.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler-Default.crd.yaml deleted file mode 100644 index 61dd76ff12f..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler-Default.crd.yaml +++ /dev/null @@ -1,110 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - name: schedulers.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Scheduler - listKind: SchedulerList - plural: schedulers - singular: scheduler - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Scheduler holds cluster-wide config information to run the Kubernetes - Scheduler and influence its placement decisions. The canonical name for - this config is `cluster`. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - defaultNodeSelector: - description: 'defaultNodeSelector helps set the cluster-wide default - node selector to restrict pod placement to specific nodes. This - is applied to the pods created in all namespaces and creates an - intersection with any existing nodeSelectors already set on a pod, - additionally constraining that pod''s selector. For example, defaultNodeSelector: - "type=user-node,region=east" would set nodeSelector field in pod - spec to "type=user-node,region=east" to all pods created in all - namespaces. Namespaces having project-wide node selectors won''t - be impacted even if this field is set. This adds an annotation section - to the namespace. For example, if a new namespace is created with - node-selector=''type=user-node,region=east'', the annotation openshift.io/node-selector: - type=user-node,region=east gets added to the project. When the openshift.io/node-selector - annotation is set on the project the value is used in preference - to the value we are setting for defaultNodeSelector field. For instance, - openshift.io/node-selector: "type=user-node,region=west" means that - the default of "type=user-node,region=east" set in defaultNodeSelector - would not be applied.' - type: string - mastersSchedulable: - description: 'MastersSchedulable allows masters nodes to be schedulable. - When this flag is turned on, all the master nodes in the cluster - will be made schedulable, so that workload pods can run on them. - The default value for this field is false, meaning none of the master - nodes are schedulable. Important Note: Once the workload pods start - running on the master nodes, extreme care must be taken to ensure - that cluster-critical control plane components are not impacted. - Please turn on this field after doing due diligence.' - type: boolean - policy: - description: 'DEPRECATED: the scheduler Policy API has been deprecated - and will be removed in a future release. policy is a reference to - a ConfigMap containing scheduler policy which has user specified - predicates and priorities. If this ConfigMap is not available scheduler - will default to use DefaultAlgorithmProvider. The namespace for - this configmap is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - profile: - description: "profile sets which scheduling profile should be set - in order to configure scheduling decisions for new pods. \n Valid - values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" - Defaults to \"LowNodeUtilization\"" - enum: - - "" - - LowNodeUtilization - - HighNodeUtilization - - NoScoring - type: string - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index 5573bd5f904..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler-TechPreviewNoUpgrade.crd.yaml +++ /dev/null @@ -1,131 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: schedulers.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Scheduler - listKind: SchedulerList - plural: schedulers - singular: scheduler - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Scheduler holds cluster-wide config information to run the Kubernetes - Scheduler and influence its placement decisions. The canonical name for - this config is `cluster`. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - defaultNodeSelector: - description: 'defaultNodeSelector helps set the cluster-wide default - node selector to restrict pod placement to specific nodes. This - is applied to the pods created in all namespaces and creates an - intersection with any existing nodeSelectors already set on a pod, - additionally constraining that pod''s selector. For example, defaultNodeSelector: - "type=user-node,region=east" would set nodeSelector field in pod - spec to "type=user-node,region=east" to all pods created in all - namespaces. Namespaces having project-wide node selectors won''t - be impacted even if this field is set. This adds an annotation section - to the namespace. For example, if a new namespace is created with - node-selector=''type=user-node,region=east'', the annotation openshift.io/node-selector: - type=user-node,region=east gets added to the project. When the openshift.io/node-selector - annotation is set on the project the value is used in preference - to the value we are setting for defaultNodeSelector field. For instance, - openshift.io/node-selector: "type=user-node,region=west" means that - the default of "type=user-node,region=east" set in defaultNodeSelector - would not be applied.' - type: string - mastersSchedulable: - description: 'MastersSchedulable allows masters nodes to be schedulable. - When this flag is turned on, all the master nodes in the cluster - will be made schedulable, so that workload pods can run on them. - The default value for this field is false, meaning none of the master - nodes are schedulable. Important Note: Once the workload pods start - running on the master nodes, extreme care must be taken to ensure - that cluster-critical control plane components are not impacted. - Please turn on this field after doing due diligence.' - type: boolean - policy: - description: 'DEPRECATED: the scheduler Policy API has been deprecated - and will be removed in a future release. policy is a reference to - a ConfigMap containing scheduler policy which has user specified - predicates and priorities. If this ConfigMap is not available scheduler - will default to use DefaultAlgorithmProvider. The namespace for - this configmap is openshift-config.' - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - profile: - description: "profile sets which scheduling profile should be set - in order to configure scheduling decisions for new pods. \n Valid - values are \"LowNodeUtilization\", \"HighNodeUtilization\", \"NoScoring\" - Defaults to \"LowNodeUtilization\"" - enum: - - "" - - LowNodeUtilization - - HighNodeUtilization - - NoScoring - type: string - profileCustomizations: - description: profileCustomizations contains configuration for modifying - the default behavior of existing scheduler profiles. - properties: - dynamicResourceAllocation: - description: dynamicResourceAllocation allows to enable or disable - dynamic resource allocation within the scheduler. Dynamic resource - allocation is an API for requesting and sharing resources between - pods and containers inside a pod. Third-party resource drivers - are responsible for tracking and allocating resources. Different - kinds of resources support arbitrary parameters for defining - requirements and initialization. Valid values are Enabled, Disabled - and omitted. When omitted, this means no opinion and the platform - is left to choose a reasonable default, which is subject to - change over time. The current default is Disabled. - enum: - - "" - - Enabled - - Disabled - type: string - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml deleted file mode 100644 index b1b4fae9359..00000000000 --- a/vendor/github.com/openshift/api/config/v1/0000_10_openshift-controller-manager-operator_01_build.crd.yaml +++ /dev/null @@ -1,431 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - api.openshift.io/merged-by-featuregates: "true" - capability.openshift.io/name: Build - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: builds.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Build - listKind: BuildList - plural: builds - singular: build - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Build configures the behavior of OpenShift builds for the entire - cluster. This includes default settings that can be overridden in BuildConfig - objects, and overrides which are applied to all builds. \n The canonical - name is \"cluster\" \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec holds user-settable values for the build controller - configuration - properties: - additionalTrustedCA: - description: "AdditionalTrustedCA is a reference to a ConfigMap containing - additional CAs that should be trusted for image pushes and pulls - during builds. The namespace for this config map is openshift-config. - \n DEPRECATED: Additional CAs for image pull and push should be - set on image.config.openshift.io/cluster instead." - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - buildDefaults: - description: BuildDefaults controls the default information for Builds - properties: - defaultProxy: - description: "DefaultProxy contains the default proxy settings - for all build operations, including image pull/push and source - download. \n Values can be overrode by setting the `HTTP_PROXY`, - `HTTPS_PROXY`, and `NO_PROXY` environment variables in the build - config's strategy." - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS - requests. Empty means unset and will not result in an env - var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames - and/or CIDRs and/or IPs for which the proxy should not be - used. Empty means unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used - to verify readiness of the proxy. - items: - type: string - type: array - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing - a CA certificate bundle. The trustedCA field should only - be consumed by a proxy validator. The validator is responsible - for reading the certificate bundle from the required key - \"ca-bundle.crt\", merging it with the system default trust - bundle, and writing the merged trust bundle to a ConfigMap - named \"trusted-ca-bundle\" in the \"openshift-config-managed\" - namespace. Clients that expect to make proxy connections - must use the trusted-ca-bundle for all HTTPS requests to - the proxy, and may use the trusted-ca-bundle for non-proxy - HTTPS requests as well. \n The namespace for the ConfigMap - referenced by trustedCA is \"openshift-config\". Here is - an example ConfigMap (in yaml): \n apiVersion: v1 kind: - ConfigMap metadata: name: user-ca-bundle namespace: openshift-config - data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom - CA certificate bundle. -----END CERTIFICATE-----" - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - type: object - env: - description: Env is a set of default environment variables that - will be applied to the build if the specified variables do not - exist on the build - items: - description: EnvVar represents an environment variable present - in a Container. - properties: - name: - description: Name of the environment variable. Must be a - C_IDENTIFIER. - type: string - value: - description: 'Variable references $(VAR_NAME) are expanded - using the previously defined environment variables in - the container and any service environment variables. If - a variable cannot be resolved, the reference in the input - string will be unchanged. Double $$ are reduced to a single - $, which allows for escaping the $(VAR_NAME) syntax: i.e. - "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". - Escaped references will never be expanded, regardless - of whether the variable exists or not. Defaults to "".' - type: string - valueFrom: - description: Source for the environment variable's value. - Cannot be used if value is not empty. - properties: - configMapKeyRef: - description: Selects a key of a ConfigMap. - properties: - key: - description: The key to select. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the ConfigMap or its - key must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - fieldRef: - description: 'Selects a field of the pod: supports metadata.name, - metadata.namespace, `metadata.labels['''']`, - `metadata.annotations['''']`, spec.nodeName, - spec.serviceAccountName, status.hostIP, status.podIP, - status.podIPs.' - properties: - apiVersion: - description: Version of the schema the FieldPath - is written in terms of, defaults to "v1". - type: string - fieldPath: - description: Path of the field to select in the - specified API version. - type: string - required: - - fieldPath - type: object - x-kubernetes-map-type: atomic - resourceFieldRef: - description: 'Selects a resource of the container: only - resources limits and requests (limits.cpu, limits.memory, - limits.ephemeral-storage, requests.cpu, requests.memory - and requests.ephemeral-storage) are currently supported.' - properties: - containerName: - description: 'Container name: required for volumes, - optional for env vars' - type: string - divisor: - anyOf: - - type: integer - - type: string - description: Specifies the output format of the - exposed resources, defaults to "1" - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - resource: - description: 'Required: resource to select' - type: string - required: - - resource - type: object - x-kubernetes-map-type: atomic - secretKeyRef: - description: Selects a key of a secret in the pod's - namespace - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, - uid?' - type: string - optional: - description: Specify whether the Secret or its key - must be defined - type: boolean - required: - - key - type: object - x-kubernetes-map-type: atomic - type: object - required: - - name - type: object - type: array - gitProxy: - description: "GitProxy contains the proxy settings for git operations - only. If set, this will override any Proxy settings for all - git commands, such as git clone. \n Values that are not set - here will be inherited from DefaultProxy." - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. Empty - means unset and will not result in an env var. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS - requests. Empty means unset and will not result in an env - var. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames - and/or CIDRs and/or IPs for which the proxy should not be - used. Empty means unset and will not result in an env var. - type: string - readinessEndpoints: - description: readinessEndpoints is a list of endpoints used - to verify readiness of the proxy. - items: - type: string - type: array - trustedCA: - description: "trustedCA is a reference to a ConfigMap containing - a CA certificate bundle. The trustedCA field should only - be consumed by a proxy validator. The validator is responsible - for reading the certificate bundle from the required key - \"ca-bundle.crt\", merging it with the system default trust - bundle, and writing the merged trust bundle to a ConfigMap - named \"trusted-ca-bundle\" in the \"openshift-config-managed\" - namespace. Clients that expect to make proxy connections - must use the trusted-ca-bundle for all HTTPS requests to - the proxy, and may use the trusted-ca-bundle for non-proxy - HTTPS requests as well. \n The namespace for the ConfigMap - referenced by trustedCA is \"openshift-config\". Here is - an example ConfigMap (in yaml): \n apiVersion: v1 kind: - ConfigMap metadata: name: user-ca-bundle namespace: openshift-config - data: ca-bundle.crt: | -----BEGIN CERTIFICATE----- Custom - CA certificate bundle. -----END CERTIFICATE-----" - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - type: object - imageLabels: - description: ImageLabels is a list of docker labels that are applied - to the resulting image. User can override a default label by - providing a label with the same name in their Build/BuildConfig. - items: - properties: - name: - description: Name defines the name of the label. It must - have non-zero length. - type: string - value: - description: Value defines the literal value of the label. - type: string - type: object - type: array - resources: - description: Resources defines resource requirements to execute - the build. - properties: - claims: - description: "Claims lists the names of resources, defined - in spec.resourceClaims, that are used by this container. - \n This is an alpha field and requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can only be - set for containers." - items: - description: ResourceClaim references one entry in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one entry in - pod.spec.resourceClaims of the Pod where this field - is used. It makes that resource available inside a - container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount of compute - resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount of compute - resources required. If Requests is omitted for a container, - it defaults to Limits if that is explicitly specified, otherwise - to an implementation-defined value. Requests cannot exceed - Limits. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - type: object - buildOverrides: - description: BuildOverrides controls override settings for builds - properties: - forcePull: - description: ForcePull overrides, if set, the equivalent value - in the builds, i.e. false disables force pull for all builds, - true enables force pull for all builds, independently of what - each build specifies itself - type: boolean - imageLabels: - description: ImageLabels is a list of docker labels that are applied - to the resulting image. If user provided a label in their Build/BuildConfig - with the same name as one in this list, the user's label will - be overwritten. - items: - properties: - name: - description: Name defines the name of the label. It must - have non-zero length. - type: string - value: - description: Value defines the literal value of the label. - type: string - type: object - type: array - nodeSelector: - additionalProperties: - type: string - description: NodeSelector is a selector which must be true for - the build pod to fit on a node - type: object - tolerations: - description: Tolerations is a list of Tolerations that will override - any existing tolerations set on a build pod. - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1/custom.authentication.single.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.authentication.single.testsuite.yaml deleted file mode 100644 index ac836788fcf..00000000000 --- a/vendor/github.com/openshift/api/config/v1/custom.authentication.single.testsuite.yaml +++ /dev/null @@ -1,284 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[CustomNoUpgrade] Authentication SingleNode" -crd: 0000_10_config-operator_01_authentication.crd-SingleNode-CustomNoUpgrade.yaml -tests: - onCreate: - - name: Should be able to create a minimal Authentication - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} # No spec is required for a Authentication - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} - - name: Should be able to use the OIDC type - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - - name: Cannot set username claim prefix with policy NoPrefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - prefix: - prefixString: "myoidc:" - expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" - - name: Can set username claim prefix with policy Prefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - prefix: - prefixString: "myoidc:" - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - prefix: - prefixString: "myoidc:" - - name: Cannot leave username claim prefix blank with policy Prefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" - - name: Can set OIDC providers with no username prefixing - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - onUpdate: - - name: Updating OIDC provider with a client that's not in the status - initial: &initConfig | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: someclient - - componentNamespace: namespace - componentName: name - clientID: legitclient - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - updated: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: someclient - - componentNamespace: namespace - componentName: name - clientID: legitclient - - componentNamespace: dif-namespace # new client here - componentName: tehName - clientID: cool-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" - - name: Updating OIDC provider with a client that's different from the previous one - initial: *initConfig - updated: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: dif-namespace - componentName: tehName - clientID: cool-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" - - name: Updating previously existing client - initial: *initConfig - updated: &prevExistingUpdated | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *prevExistingUpdated - - name: Removing a configured client from the status (== component unregister) - initial: *initConfig - updated: &removeFromStatus | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - - componentNamespace: namespace - componentName: name - clientID: legitclient - status: - oidcClients: - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *removeFromStatus - - name: Simply add a valid client - initial: *initConfig - updated: &addClient | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - - componentNamespace: namespace - componentName: name - clientID: legitclient - - componentNamespace: namespace2 - componentName: name3 - clientID: justavalidclient - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *addClient diff --git a/vendor/github.com/openshift/api/config/v1/custom.authentication.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.authentication.testsuite.yaml deleted file mode 100644 index 89be9ae0548..00000000000 --- a/vendor/github.com/openshift/api/config/v1/custom.authentication.testsuite.yaml +++ /dev/null @@ -1,284 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[CustomNoUpgrade] Authentication" -crd: 0000_10_config-operator_01_authentication.crd-SelfManagedHA-CustomNoUpgrade.yaml -tests: - onCreate: - - name: Should be able to create a minimal Authentication - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} # No spec is required for a Authentication - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} - - name: Should be able to use the OIDC type - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - - name: Cannot set username claim prefix with policy NoPrefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - prefix: - prefixString: "myoidc:" - expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" - - name: Can set username claim prefix with policy Prefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - prefix: - prefixString: "myoidc:" - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - prefix: - prefixString: "myoidc:" - - name: Cannot leave username claim prefix blank with policy Prefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" - - name: Can set OIDC providers with no username prefixing - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - onUpdate: - - name: Updating OIDC provider with a client that's not in the status - initial: &initConfig | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: someclient - - componentNamespace: namespace - componentName: name - clientID: legitclient - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - updated: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: someclient - - componentNamespace: namespace - componentName: name - clientID: legitclient - - componentNamespace: dif-namespace # new client here - componentName: tehName - clientID: cool-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" - - name: Updating OIDC provider with a client that's different from the previous one - initial: *initConfig - updated: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: dif-namespace - componentName: tehName - clientID: cool-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" - - name: Updating previously existing client - initial: *initConfig - updated: &prevExistingUpdated | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *prevExistingUpdated - - name: Removing a configured client from the status (== component unregister) - initial: *initConfig - updated: &removeFromStatus | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - - componentNamespace: namespace - componentName: name - clientID: legitclient - status: - oidcClients: - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *removeFromStatus - - name: Simply add a valid client - initial: *initConfig - updated: &addClient | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - - componentNamespace: namespace - componentName: name - clientID: legitclient - - componentNamespace: namespace2 - componentName: name3 - clientID: justavalidclient - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *addClient diff --git a/vendor/github.com/openshift/api/config/v1/custom.clusterversion.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.clusterversion.testsuite.yaml deleted file mode 100644 index f3090558b90..00000000000 --- a/vendor/github.com/openshift/api/config/v1/custom.clusterversion.testsuite.yaml +++ /dev/null @@ -1,472 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[CustomNoUpgrade] ClusterVersion" -crd: 0000_00_cluster-version-operator_01_clusterversion-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ClusterVersion - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - - name: Should allow image to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - - name: Should allow version to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - version: 4.11.1 - - name: Should allow architecture to be empty - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: "" - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: "" - version: 4.11.1 - - name: Should allow architecture and version to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - - name: Version must be set if architecture is set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - expectedError: "Version must be set if Architecture is set" - - name: Should not allow image and architecture to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities baremetal and MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities baremetal without MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability - - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities marketplace and OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities marketplace without OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - expectedError: the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability - - name: Should be able to set a custom signature store - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus.ocp.com" - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus.ocp.com" - - name: Should be able to set multiple custom signature store - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus1.ocp.com" - - url: "https://osus2.ocp.com" - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus1.ocp.com" - - url: "https://osus2.ocp.com" - - name: Invalid custom signature store should throw error - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "osus1.ocp.com" - expectedError: "url must be a valid absolute URL" - - name: Should be able to unset the signature stores - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: [] - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: [] - onUpdate: - - name: Should not allow image to be set if architecture set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should not allow architecture to be set if image set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, and implicitly enabled MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, with the Machine API capability - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - - name: Should not be able to add the baremetal capability with a ClusterVersion with base capability None, and without MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability - - name: Should be able to add the marketplace capability with a ClusterVersion with base capability None, and implicitly enabled OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - - name: Should be able to add the marketplace capability with a ClusterVersion with base capability None, with the OperatorLifecycleManager capability - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - - name: Should not be able to add the marketplace capability with a ClusterVersion with base capability None, and without OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - expectedError: the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability diff --git a/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml deleted file mode 100644 index 24433f4f75c..00000000000 --- a/vendor/github.com/openshift/api/config/v1/custom.infrastructure.testsuite.yaml +++ /dev/null @@ -1,321 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Custom] Infrastructure" -crd: 0000_10_config-operator_01_infrastructure-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Infrastructure - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} # No spec is required for a Infrastructure - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - onUpdate: - - name: Should not be able to modify an existing GCP ResourceLabels Label - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "changed"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" - - name: Should not be able to add a Label to an existing GCP ResourceLabels - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "new", value: "entry"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" - - name: Should not be able to remove a Label from an existing GCP ResourceLabels - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "new", value: "entry"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" - - name: Should not be able to add GCP ResourceLabels to an empty platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - gcp: - resourceLabels: - - {key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" - - name: Should not be able to remove GCP ResourceLabels from platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" - - name: Should not have label key start with openshift-io for GCP ResourceLabels in platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "openshift-io-created-cluster", value: "true"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" - - name: Should not have label key start with kubernetes-io for GCP ResourceLabels in platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "kubernetes-io-created-cluster", value: "true"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" - - name: Should not be able to modify an existing GCP ResourceTags Tag - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "changed"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to add a Tag to an existing GCP ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - - {parentID: "test-project-123", key: "new", value: "tag"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to remove a Tag from an existing GCP ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key1", value: "value1"} - - {parentID: "test-project-123", key: "key2", value: "value2"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key1", value: "value1"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to add GCP ResourceTags to an empty platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" - - name: Should not be able to remove GCP ResourceTags from platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" - - name: Should not be able to modify ParentID of a Tag in the GCP ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "test-project-123", key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" diff --git a/vendor/github.com/openshift/api/config/v1/custom.scheduler.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/custom.scheduler.testsuite.yaml deleted file mode 100644 index 57b546b6367..00000000000 --- a/vendor/github.com/openshift/api/config/v1/custom.scheduler.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Scheduler" -crd: 0000_10_config-operator_01_scheduler-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Scheduler - initial: | - apiVersion: config.openshift.io/v1 - kind: Scheduler - spec: {} # No spec is required for a Scheduler - expected: | - apiVersion: config.openshift.io/v1 - kind: Scheduler - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml deleted file mode 100644 index 7536479c99d..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.apiserver.testsuite.yaml +++ /dev/null @@ -1,36 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] APIServer" -crd: 0000_10_config-operator_01_apiserver.crd.yaml -tests: - onCreate: - - name: Should be able to create encrypt with aescbc - initial: | - apiVersion: config.openshift.io/v1 - kind: APIServer - spec: - encryption: - type: aescbc - expected: | - apiVersion: config.openshift.io/v1 - kind: APIServer - spec: - audit: - profile: Default - encryption: - type: aescbc - - name: Should be able to create encrypt with aesgcm - initial: | - apiVersion: config.openshift.io/v1 - kind: APIServer - spec: - encryption: - type: aesgcm - expected: | - apiVersion: config.openshift.io/v1 - kind: APIServer - spec: - audit: - profile: Default - encryption: - type: aesgcm - diff --git a/vendor/github.com/openshift/api/config/v1/stable.authentication.single.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.authentication.single.testsuite.yaml deleted file mode 100644 index 030a59962bc..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.authentication.single.testsuite.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Authentication SingleNode" -crd: 0000_10_config-operator_01_authentication.crd-SingleNode-Default.yaml -tests: - onCreate: - - name: Should be able to create a minimal Authentication - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} # No spec is required for a Authentication - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} - - name: Shouldn't be able to use the OIDC type in a stable version of the resource - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - expectedError: "spec.type: Unsupported value: \"OIDC\": supported values: \"\", \"None\", \"IntegratedOAuth\"" \ No newline at end of file diff --git a/vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml deleted file mode 100644 index 318e7754393..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.authentication.testsuite.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Authentication" -crd: 0000_10_config-operator_01_authentication.crd-SelfManagedHA-Default.yaml -tests: - onCreate: - - name: Should be able to create a minimal Authentication - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} # No spec is required for a Authentication - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} - - name: Shouldn't be able to use the OIDC type in a stable version of the resource - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - expectedError: "spec.type: Unsupported value: \"OIDC\": supported values: \"\", \"None\", \"IntegratedOAuth\"" \ No newline at end of file diff --git a/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml deleted file mode 100644 index b422ebd2065..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.build.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Build" -crd: 0000_10_openshift-controller-manager-operator_01_build.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Build - initial: | - apiVersion: config.openshift.io/v1 - kind: Build - spec: {} # No spec is required for a Build - expected: | - apiVersion: config.openshift.io/v1 - kind: Build - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml deleted file mode 100644 index 177e8f69175..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.clusteroperator.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ClusterOperator" -crd: 0000_00_cluster-version-operator_01_clusteroperator.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ClusterOperator - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterOperator - spec: {} # No spec is required for a ClusterOperator - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterOperator - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml deleted file mode 100644 index 4c3fed149d8..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.clusterversion.testsuite.yaml +++ /dev/null @@ -1,418 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ClusterVersion" -crd: 0000_00_cluster-version-operator_01_clusterversion-Default.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ClusterVersion - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - - name: Should allow image to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - - name: Should allow version to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - version: 4.11.1 - - name: Should allow architecture to be empty - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: "" - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: "" - version: 4.11.1 - - name: Should allow architecture and version to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - - name: Version must be set if architecture is set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - expectedError: "Version must be set if Architecture is set" - - name: Should not allow image and architecture to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities baremetal and MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities baremetal without MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability - - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities marketplace and OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities marketplace without OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - expectedError: the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability - onUpdate: - - name: Should not allow image to be set if architecture set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should not allow architecture to be set if image set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, and implicitly enabled MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, with the Machine API capability - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - - name: Should not be able to add the baremetal capability with a ClusterVersion with base capability None, and without MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability - - name: Should be able to add the marketplace capability with a ClusterVersion with base capability None, and implicitly enabled OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - - name: Should be able to add the marketplace capability with a ClusterVersion with base capability None, with the OperatorLifecycleManager capability - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - - name: Should not be able to add the marketplace capability with a ClusterVersion with base capability None, and without OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - expectedError: the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability diff --git a/vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml deleted file mode 100644 index 0081816fc96..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.console.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Console" -crd: 0000_10_config-operator_01_console.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Console - initial: | - apiVersion: config.openshift.io/v1 - kind: Console - spec: {} # No spec is required for a Console - expected: | - apiVersion: config.openshift.io/v1 - kind: Console - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml deleted file mode 100644 index b8535da7991..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.dns.testsuite.yaml +++ /dev/null @@ -1,105 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] DNS" -crd: 0000_10_config-operator_01_dns.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal DNS - initial: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: {} # No spec is required for a DNS - expected: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: {} - - name: Should be able to specify an AWS role ARN for a private hosted zone - initial: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expected: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - - name: Should not be able to specify unsupported platform - initial: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: Azure - azure: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expectedError: "Invalid value: \"string\": allowed values are '' and 'AWS'" - - name: Should not be able to specify invalid AWS role ARN - initial: | - apiVersion: config.openshift.io/v1 - kind: DNS - metadata: - name: cluster - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam:bad:123456789012:role/foo - expectedError: "DNS.config.openshift.io \"cluster\" is invalid: spec.platform.aws.privateZoneIAMRole: Invalid value: \"arn:aws:iam:bad:123456789012:role/foo\": spec.platform.aws.privateZoneIAMRole in body should match '^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\\/.*$'" - - name: Should not be able to specify different type and platform - initial: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expectedError: "Invalid value: \"object\": aws configuration is required when platform is AWS, and forbidden otherwise" - onUpdate: - - name: Can switch from empty (default), to AWS - initial: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" - updated: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - expected: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: AWS - aws: - privateZoneIAMRole: arn:aws:iam::123456789012:role/foo - - name: Upgrade case is valid - initial: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: {} # No spec is required for a DNS - updated: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" - expected: | - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - platform: - type: "" - diff --git a/vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml deleted file mode 100644 index 6b6a4327a68..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.featuregate.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] FeatureGate" -crd: 0000_10_config-operator_01_featuregate.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal FeatureGate - initial: | - apiVersion: config.openshift.io/v1 - kind: FeatureGate - spec: {} # No spec is required for a FeatureGate - expected: | - apiVersion: config.openshift.io/v1 - kind: FeatureGate - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.hypershift.authentication.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.hypershift.authentication.testsuite.yaml deleted file mode 100644 index efe13cff728..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.hypershift.authentication.testsuite.yaml +++ /dev/null @@ -1,298 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable][Hypershift] Authentication" -crd: 0000_10_config-operator_01_authentication.crd-Hypershift.yaml -tests: - onCreate: - - name: Should be able to create a minimal Authentication - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} # No spec is required for a Authentication - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} - - name: Should be able to use the OIDC type - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - - name: Cannot set username claim prefix with policy NoPrefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - prefix: - prefixString: "myoidc:" - expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" - - name: Can set username claim prefix with policy Prefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - prefix: - prefixString: "myoidc:" - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - prefix: - prefixString: "myoidc:" - - name: Cannot leave username claim prefix blank with policy Prefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" - - name: Can set OIDC providers with no username prefixing - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - onUpdate: - - name: Updating OIDC provider with a client that's not in the status - initial: &initConfig | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: someclient - - componentNamespace: namespace - componentName: name - clientID: legitclient - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - updated: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: someclient - - componentNamespace: namespace - componentName: name - clientID: legitclient - - componentNamespace: dif-namespace # new client here - componentName: tehName - clientID: cool-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" - - name: Updating OIDC provider with a client that's different from the previous one - initial: *initConfig - updated: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: dif-namespace - componentName: tehName - clientID: cool-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" - - name: Updating previously existing client - initial: *initConfig - updated: &prevExistingUpdated | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *prevExistingUpdated - - name: Removing a configured client from the status (== component unregister) - initial: *initConfig - updated: &removeFromStatus | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - - componentNamespace: namespace - componentName: name - clientID: legitclient - status: - oidcClients: - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *removeFromStatus - - name: Simply add a valid client - initial: *initConfig - updated: &addClient | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - - componentNamespace: namespace - componentName: name - clientID: legitclient - - componentNamespace: namespace2 - componentName: name3 - clientID: justavalidclient - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *addClient - - name: Remove all oidcProviders - initial: *initConfig - updated: &removeFromStatus | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - status: - oidcClients: - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *removeFromStatus diff --git a/vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml deleted file mode 100644 index 6bfbb820ff9..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.image.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Image" -crd: 0000_10_config-operator_01_image.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Image - initial: | - apiVersion: config.openshift.io/v1 - kind: Image - spec: {} # No spec is required for a Image - expected: | - apiVersion: config.openshift.io/v1 - kind: Image - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml deleted file mode 100644 index bffdb6bcda0..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.imagecontentpolicy.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ImageContentPolicy" -crd: 0000_10_config-operator_01_imagecontentpolicy.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImageContentPolicy - initial: | - apiVersion: config.openshift.io/v1 - kind: ImageContentPolicy - spec: {} # No spec is required for a ImageContentPolicy - expected: | - apiVersion: config.openshift.io/v1 - kind: ImageContentPolicy - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml deleted file mode 100644 index c25b1696bc2..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.imagedigestmirrorset.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ImageDigestMirrorSet" -crd: 0000_10_config-operator_01_imagedigestmirrorset.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImageDigestMirrorSet - initial: | - apiVersion: config.openshift.io/v1 - kind: ImageDigestMirrorSet - spec: {} # No spec is required for a ImageDigestMirrorSet - expected: | - apiVersion: config.openshift.io/v1 - kind: ImageDigestMirrorSet - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml deleted file mode 100644 index de91eb2c594..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.imagetagmirrorset.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ImageTagMirrorSet" -crd: 0000_10_config-operator_01_imagetagmirrorset.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImageTagMirrorSet - initial: | - apiVersion: config.openshift.io/v1 - kind: ImageTagMirrorSet - spec: {} # No spec is required for a ImageTagMirrorSet - expected: | - apiVersion: config.openshift.io/v1 - kind: ImageTagMirrorSet - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml deleted file mode 100644 index 6b322d1ce2e..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.infrastructure.testsuite.yaml +++ /dev/null @@ -1,1367 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Infrastructure" -crd: 0000_10_config-operator_01_infrastructure-Default.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Infrastructure - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} # No spec is required for a Infrastructure - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - - name: Should be able to pass 2 IP addresses to apiServerInternalIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - apiServerInternalIPs: - - 192.0.2.1 - - "2001:db8::1" - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - apiServerInternalIPs: - - 192.0.2.1 - - "2001:db8::1" - - name: Should not be able to pass not-an-IP to apiServerInternalIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - apiServerInternalIPs: - - not-an-ip-address - expectedError: "Invalid value: \"not-an-ip-address\"" - - name: Should not be able to pass 2 IPv4 addresses to apiServerInternalIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - apiServerInternalIPs: - - 192.0.2.1 - - 192.0.2.2 - expectedError: "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" - - name: Should not be able to pass 2 IPv6 addresses to apiServerInternalIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - apiServerInternalIPs: - - "2001:db8::1" - - "2001:db8::2" - expectedError: "apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" - - name: Should not be able to pass more than 2 entries to apiServerInternalIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - apiServerInternalIPs: - - 192.0.2.1 - - "2001:db8::1" - - 192.0.2.2 - expectedError: "Too many: 3: must have at most 2 items" - - name: Should be able to pass 2 IP addresses to ingressIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - ingressIPs: - - 192.0.2.1 - - "2001:db8::1" - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - ingressIPs: - - 192.0.2.1 - - "2001:db8::1" - - name: Should not be able to pass not-an-IP to ingressIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - ingressIPs: - - not-an-ip-address - expectedError: "Invalid value: \"not-an-ip-address\"" - - name: Should not be able to pass 2 IPv4 addresses to ingressIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - ingressIPs: - - 192.0.2.1 - - 192.0.2.2 - expectedError: "ingressIPs must contain at most one IPv4 address and at most one IPv6 address" - - name: Should not be able to pass 2 IPv6 addresses to ingressIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - ingressIPs: - - "2001:db8::1" - - "2001:db8::2" - expectedError: "ingressIPs must contain at most one IPv4 address and at most one IPv6 address" - - name: Should not be able to pass more than 2 entries to ingressIPs in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - ingressIPs: - - 192.0.2.1 - - "2001:db8::1" - - 192.0.2.2 - expectedError: "Too many: 3: must have at most 2 items" - - name: Should be able to pass 2 IP subnets addresses to machineNetworks in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - machineNetworks: - - "192.0.2.0/24" - - "2001:db8::0/32" - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - machineNetworks: - - "192.0.2.0/24" - - "2001:db8::0/32" - - name: Should not be able to pass not-a-CIDR to machineNetworks in the platform spec - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: - machineNetworks: - - 192.0.2.1 - expectedError: "Invalid value: \"192.0.2.1\"" - onUpdate: - - name: Should be able to change External platformName from unknown to something else - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: External - external: - platformName: Unknown - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: External - external: - platformName: M&PCloud - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: External - external: - platformName: M&PCloud - - name: Should not be able to change External platformName once it was set - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: External - external: - platformName: M&PCloud - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: External - external: - platformName: SomeOtherCoolplatformName - expectedError: " spec.platformSpec.external.platformName: Invalid value: \"string\": platform name cannot be changed once set" - - name: Should not be able to modify an existing Azure ResourceTags Tag - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: Azure - platformStatus: - type: Azure - azure: - resourceTags: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: - resourceTags: - - {key: "key", value: "changed"} - expectedStatusError: "status.platformStatus.azure.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to add a Tag to an existing Azure ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: Azure - platformStatus: - type: Azure - azure: - resourceTags: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: - resourceTags: - - {key: "key", value: "value"} - - {key: "new", value: "entry"} - expectedStatusError: "status.platformStatus.azure.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to remove a Tag from an existing Azure ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: - resourceTags: - - {key: "key", value: "value"} - - {key: "new", value: "entry"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: - resourceTags: - - {key: "key", value: "value"} - expectedStatusError: "status.platformStatus.azure.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to add Azure ResourceTags to an empty platformStatus.azure - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - azure: - resourceTags: - - {key: "key", value: "value"} - expectedStatusError: "status.platformStatus.azure: Invalid value: \"object\": resourceTags may only be configured during installation" - - name: Should not be able to remove Azure ResourceTags from platformStatus.azure - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: - resourceTags: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: {} - expectedStatusError: "status.platformStatus.azure: Invalid value: \"object\": resourceTags may only be configured during installation" - - name: Should be able to modify the ResourceGroupName while Azure ResourceTags are present - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - type: Azure - azure: - resourceGroupName: foo - resourceTags: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: Azure - platformStatus: - azure: - resourceGroupName: bar - resourceTags: - - {key: "key", value: "value"} - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - cpuPartitioning: None - platform: Azure - platformStatus: - azure: - resourceGroupName: bar - resourceTags: - - {key: "key", value: "value"} - - name: PowerVS platform status's resourceGroup length should not exceed the max length set - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - resourceGroup: resource-group - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - resourceGroup: resource-group-should-not-accept-the-string-that-exceeds-max-length-set - expectedStatusError: "platformStatus.powervs.resourceGroup: Too long: may not be longer than 40" - - name: PowerVS platform status's resourceGroup should match the regex configured - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - resourceGroup: resource-group - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - resourceGroup: re$ource-group - expectedStatusError: "platformStatus.powervs.resourceGroup in body should match '^[a-zA-Z0-9-_ ]+$'" - - name: Should not be able to change PowerVS platform status's resourceGroup once it was set - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - resourceGroup: resource-group - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - resourceGroup: other-resource-group-name - expectedStatusError: "status.platformStatus.powervs.resourceGroup: Invalid value: \"string\": resourceGroup is immutable once set" - - name: Should not be able to unset PowerVS platform status's resourceGroup once it was set - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - region: some-region - resourceGroup: resource-group - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: PowerVS - status: - platform: PowerVS - platformStatus: - powervs: - region: some-region - expectedStatusError: "status.platformStatus.powervs: Invalid value: \"object\": cannot unset resourceGroup once set" - - name: Should set load balancer type to OpenShiftManagedDefault if not specified - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - status: - platform: OpenStack - platformStatus: - openstack: {} - type: OpenStack - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: OpenStack - platformStatus: - openstack: - loadBalancer: - type: OpenShiftManagedDefault - type: OpenStack - - name: Should be able to override the default BareMetal load balancer with a valid value - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - status: - platform: BareMetal - platformStatus: - baremetal: - loadBalancer: - type: UserManaged - type: BareMetal - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: BareMetal - platformStatus: - baremetal: - loadBalancer: - type: UserManaged - type: BareMetal - - name: Should be able to override the default OpenStack load balancer with a valid value - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - status: - platform: OpenStack - platformStatus: - openstack: - loadBalancer: - type: UserManaged - type: OpenStack - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: OpenStack - platformStatus: - openstack: - loadBalancer: - type: UserManaged - type: OpenStack - - name: Should not allow changing the immutable BareMetal load balancer type field - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: BareMetal - platformStatus: - baremetal: - loadBalancer: - type: OpenShiftManagedDefault - type: BareMetal - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: BareMetal - platformStatus: - baremetal: - loadBalancer: - type: UserManaged - type: BareMetal - expectedStatusError: "status.platformStatus.baremetal.loadBalancer.type: Invalid value: \"string\": type is immutable once set" - - name: Should not allow changing the immutable OpenStack load balancer type field - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: OpenStack - platformStatus: - openstack: - loadBalancer: - type: OpenShiftManagedDefault - type: OpenStack - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: OpenStack - openstack: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: OpenStack - platformStatus: - openstack: - loadBalancer: - type: UserManaged - type: OpenStack - expectedStatusError: "status.platformStatus.openstack.loadBalancer.type: Invalid value: \"string\": type is immutable once set" - - name: Should not allow removing the immutable OpenStack load balancer type field that was initially set - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: OpenStack - platformStatus: - openstack: - loadBalancer: - type: UserManaged - type: OpenStack - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: OpenStack - openstack: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: OpenStack - platformStatus: - openstack: {} - type: OpenStack - expectedStatusError: "status.platformStatus.openstack.loadBalancer.type: Invalid value: \"string\": type is immutable once set" - - name: Should not allow removing the immutable BareMetal load balancer type field that was initially set - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: BareMetal - platformStatus: - baremetal: - loadBalancer: - type: UserManaged - type: BareMetal - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: BareMetal - baremetal: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: BareMetal - platformStatus: - baremetal: {} - type: BareMetal - expectedStatusError: "status.platformStatus.baremetal.loadBalancer.type: Invalid value: \"string\": type is immutable once set" - - name: Should not allow setting the load balancer type to a wrong value - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - openstack: {} - type: OpenStack - status: - platform: OpenStack - platformStatus: - openstack: - loadBalancer: - type: FooBar - type: OpenStack - expectedStatusError: "platformStatus.openstack.loadBalancer.type: Unsupported value: \"FooBar\": supported values: \"OpenShiftManagedDefault\", \"UserManaged\"" - - name: Should not be able to update cloudControllerManager state to empty string when state is already set to None - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platformStatus: - external: - cloudControllerManager: - state: "" - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should not be able to update cloudControllerManager state to External when state is already set to None - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should be able to update cloudControllerManager state to None when state is already set to None - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - cpuPartitioning: None - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - - name: Should not be able to unset cloudControllerManager state when state is already set to None - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" - - name: Should not be able to update cloudControllerManager state to empty string when state is already set to External - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should not be able to update cloudControllerManager state to None when state is already set to External - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should be able to update cloudControllerManager state to External when state is already set to External - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - cpuPartitioning: None - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - - name: Should not be able to unset cloudControllerManager state when state is already set to External - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" - - name: Should not be able to update cloudControllerManager state to None when state is already set to empty string - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should not be able to update cloudControllerManager state to External when state is already set to empty string - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - expectedStatusError: " status.platformStatus.external.cloudControllerManager.state: Invalid value: \"string\": state is immutable once set" - - name: Should be able to update cloudControllerManager state to empty string when state is already set to empty string - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - cpuPartitioning: None - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - - name: Should not be able to unset cloudControllerManager state when state is already set to empty string - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" - - name: Should be able to update cloudControllerManager state to None when cloudControllerManager state is unset - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - cpuPartitioning: None - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: None - - name: Should be able to update cloudControllerManager state to empty string when cloudControllerManager state is unset - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - cpuPartitioning: None - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: "" - - name: Should not be able to update cloudControllerManager state to External when cloudControllerManager state is unset - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - expectedStatusError: " status.platformStatus.external.cloudControllerManager: Invalid value: \"object\": state may not be added or removed once set" - - name: Should be able to unset cloudControllerManager state when cloudControllerManager state is unset - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - cpuPartitioning: None - platform: External - platformStatus: - type: External - external: - cloudControllerManager: {} - - name: Should not be able to add cloudControllerManager when cloudControllerManager is unset - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - expectedStatusError: " status.platformStatus.external: Invalid value: \"object\": cloudControllerManager may not be added or removed once set" - - name: Should not be able to remove cloudControllerManager when cloudControllerManager is set - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: - cloudControllerManager: - state: External - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: External - platformStatus: - type: External - external: {} - expectedStatusError: " status.platformStatus.external: Invalid value: \"object\": cloudControllerManager may not be added or removed once set" - - name: Should be able to add valid (URL) ServiceEndpoints to IBMCloud PlatformStatus - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: [] - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: - - name: VPC - url: https://dummy.vpc.com - - name: COS - url: https://dummy.cos.com - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: - - name: VPC - url: https://dummy.vpc.com - - name: COS - url: https://dummy.cos.com - - name: Should not be able to add empty (URL) ServiceEndpoints to IBMCloud PlatformStatus - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: [] - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: - - name: COS - url: " " - expectedStatusError: " status.platformStatus.ibmcloud.serviceEndpoints[0].url: Invalid value: \"string\": url must be a valid absolute URL" - - name: Should not be able to add invalid (URL) ServiceEndpoints to IBMCloud PlatformStatus - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: [] - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: - - name: VPC - url: https://dummy.vpc.com - - name: COS - url: dummy-cos-com - expectedStatusError: "platformStatus.ibmcloud.serviceEndpoints[1].url: Invalid value: \"string\": url must be a valid absolute URL" - - name: Should not be able to add invalid (Name) ServiceEndpoints to IBMCloud PlatformStatus - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: [] - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: IBMCloud - platformStatus: - type: IBMCloud - ibmcloud: - serviceEndpoints: - - name: VPC - url: https://dummy.vpc.com - - name: BadService - url: https://bad-service.com - expectedStatusError: "platformStatus.ibmcloud.serviceEndpoints[1].name: Unsupported value: \"BadService\": supported values: \"CIS\", \"COS\", \"DNSServices\", \"GlobalSearch\", \"GlobalTagging\", \"HyperProtect\", \"IAM\", \"KeyProtect\", \"ResourceController\", \"ResourceManager\", \"VPC\"" diff --git a/vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml deleted file mode 100644 index 90d48e89652..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.ingress.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Ingress" -crd: 0000_10_config-operator_01_ingress.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Ingress - initial: | - apiVersion: config.openshift.io/v1 - kind: Ingress - spec: {} # No spec is required for a Ingress - expected: | - apiVersion: config.openshift.io/v1 - kind: Ingress - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml deleted file mode 100644 index fcfe4b839f7..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.network.testsuite.yaml +++ /dev/null @@ -1,37 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Network" -crd: 0000_10_config-operator_01_network.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Network - initial: | - apiVersion: config.openshift.io/v1 - kind: Network - spec: {} # No spec is required for a Network - expected: | - apiVersion: config.openshift.io/v1 - kind: Network - spec: {} - - name: Should be able to set status conditions - initial: | - apiVersion: config.openshift.io/v1 - kind: Network - spec: {} # No spec is required for a Network - status: - conditions: - - type: NetworkTypeMigrationInProgress - status: "False" - reason: "Reason" - message: "Message" - lastTransitionTime: "2023-10-25T12:00:00Z" - expected: | - apiVersion: config.openshift.io/v1 - kind: Network - spec: {} - status: - conditions: - - type: NetworkTypeMigrationInProgress - status: "False" - reason: "Reason" - message: "Message" - lastTransitionTime: "2023-10-25T12:00:00Z" diff --git a/vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml deleted file mode 100644 index d6502600bc8..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.node.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Node" -crd: 0000_10_config-operator_01_node.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Node - initial: | - apiVersion: config.openshift.io/v1 - kind: Node - spec: {} # No spec is required for a Node - expected: | - apiVersion: config.openshift.io/v1 - kind: Node - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml deleted file mode 100644 index d33d2bc1b10..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.oauth.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] OAuth" -crd: 0000_10_config-operator_01_oauth.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal OAuth - initial: | - apiVersion: config.openshift.io/v1 - kind: OAuth - spec: {} # No spec is required for a OAuth - expected: | - apiVersion: config.openshift.io/v1 - kind: OAuth - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml deleted file mode 100644 index 9dd7a4c6d64..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.operatorhub.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] OperatorHub" -crd: 0000_03_marketplace-operator_01_operatorhub.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal OperatorHub - initial: | - apiVersion: config.openshift.io/v1 - kind: OperatorHub - spec: {} # No spec is required for a OperatorHub - expected: | - apiVersion: config.openshift.io/v1 - kind: OperatorHub - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml deleted file mode 100644 index 0144ad32f2a..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.project.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Project" -crd: 0000_10_config-operator_01_project.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Project - initial: | - apiVersion: config.openshift.io/v1 - kind: Project - spec: {} # No spec is required for a Project - expected: | - apiVersion: config.openshift.io/v1 - kind: Project - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml deleted file mode 100644 index d49b83247a1..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.proxy.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Proxy" -crd: 0000_03_config-operator_01_proxy.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Proxy - initial: | - apiVersion: config.openshift.io/v1 - kind: Proxy - spec: {} # No spec is required for a Proxy - expected: | - apiVersion: config.openshift.io/v1 - kind: Proxy - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml deleted file mode 100644 index d659654820a..00000000000 --- a/vendor/github.com/openshift/api/config/v1/stable.scheduler.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Scheduler" -crd: 0000_10_config-operator_01_scheduler-Default.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Scheduler - initial: | - apiVersion: config.openshift.io/v1 - kind: Scheduler - spec: {} # No spec is required for a Scheduler - expected: | - apiVersion: config.openshift.io/v1 - kind: Scheduler - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.authentication.single.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.authentication.single.testsuite.yaml deleted file mode 100644 index 19245c5c707..00000000000 --- a/vendor/github.com/openshift/api/config/v1/techpreview.authentication.single.testsuite.yaml +++ /dev/null @@ -1,298 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreviewNoUpgrade] Authentication SingleNode" -crd: 0000_10_config-operator_01_authentication.crd-SingleNode-TechPreviewNoUpgrade.yaml -tests: - onCreate: - - name: Should be able to create a minimal Authentication - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} # No spec is required for a Authentication - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} - - name: Should be able to use the OIDC type - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - - name: Cannot set username claim prefix with policy NoPrefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - prefix: - prefixString: "myoidc:" - expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" - - name: Can set username claim prefix with policy Prefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - prefix: - prefixString: "myoidc:" - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - prefix: - prefixString: "myoidc:" - - name: Cannot leave username claim prefix blank with policy Prefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" - - name: Can set OIDC providers with no username prefixing - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - onUpdate: - - name: Updating OIDC provider with a client that's not in the status - initial: &initConfig | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: someclient - - componentNamespace: namespace - componentName: name - clientID: legitclient - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - updated: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: someclient - - componentNamespace: namespace - componentName: name - clientID: legitclient - - componentNamespace: dif-namespace # new client here - componentName: tehName - clientID: cool-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" - - name: Updating OIDC provider with a client that's different from the previous one - initial: *initConfig - updated: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: dif-namespace - componentName: tehName - clientID: cool-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" - - name: Updating previously existing client - initial: *initConfig - updated: &prevExistingUpdated | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *prevExistingUpdated - - name: Removing a configured client from the status (== component unregister) - initial: *initConfig - updated: &removeFromStatus | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - - componentNamespace: namespace - componentName: name - clientID: legitclient - status: - oidcClients: - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *removeFromStatus - - name: Simply add a valid client - initial: *initConfig - updated: &addClient | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - - componentNamespace: namespace - componentName: name - clientID: legitclient - - componentNamespace: namespace2 - componentName: name3 - clientID: justavalidclient - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *addClient - - name: Remove all oidcProviders - initial: *initConfig - updated: &removeFromStatus | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - status: - oidcClients: - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *removeFromStatus diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.authentication.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.authentication.testsuite.yaml deleted file mode 100644 index 037688b137c..00000000000 --- a/vendor/github.com/openshift/api/config/v1/techpreview.authentication.testsuite.yaml +++ /dev/null @@ -1,298 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreviewNoUpgrade] Authentication" -crd: 0000_10_config-operator_01_authentication.crd-SelfManagedHA-TechPreviewNoUpgrade.yaml -tests: - onCreate: - - name: Should be able to create a minimal Authentication - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} # No spec is required for a Authentication - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: {} - - name: Should be able to use the OIDC type - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - - name: Cannot set username claim prefix with policy NoPrefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - prefix: - prefixString: "myoidc:" - expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" - - name: Can set username claim prefix with policy Prefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - prefix: - prefixString: "myoidc:" - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - prefix: - prefixString: "myoidc:" - - name: Cannot leave username claim prefix blank with policy Prefix - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: Prefix - expectedError: "prefix must be set if prefixPolicy is 'Prefix', but must remain unset otherwise" - - name: Can set OIDC providers with no username prefixing - initial: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - expected: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - claimMappings: - username: - claim: "preferred_username" - prefixPolicy: NoPrefix - onUpdate: - - name: Updating OIDC provider with a client that's not in the status - initial: &initConfig | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: someclient - - componentNamespace: namespace - componentName: name - clientID: legitclient - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - updated: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: someclient - - componentNamespace: namespace - componentName: name - clientID: legitclient - - componentNamespace: dif-namespace # new client here - componentName: tehName - clientID: cool-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" - - name: Updating OIDC provider with a client that's different from the previous one - initial: *initConfig - updated: | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: dif-namespace - componentName: tehName - clientID: cool-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expectedError: "all oidcClients in the oidcProviders must match their componentName and componentNamespace to either a previously configured oidcClient or they must exist in the status.oidcClients" - - name: Updating previously existing client - initial: *initConfig - updated: &prevExistingUpdated | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *prevExistingUpdated - - name: Removing a configured client from the status (== component unregister) - initial: *initConfig - updated: &removeFromStatus | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - - componentNamespace: namespace - componentName: name - clientID: legitclient - status: - oidcClients: - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *removeFromStatus - - name: Simply add a valid client - initial: *initConfig - updated: &addClient | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - oidcProviders: - - name: myoidc - issuer: - issuerURL: https://meh.tld - audiences: ['openshift-aud'] - oidcClients: - - componentNamespace: namespace - componentName: preexisting - clientID: different-client - - componentNamespace: namespace - componentName: name - clientID: legitclient - - componentNamespace: namespace2 - componentName: name3 - clientID: justavalidclient - status: - oidcClients: - - componentNamespace: namespace - componentName: name - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *addClient - - name: Remove all oidcProviders - initial: *initConfig - updated: &removeFromStatus | - apiVersion: config.openshift.io/v1 - kind: Authentication - spec: - type: OIDC - status: - oidcClients: - - componentNamespace: namespace2 - componentName: name2 - - componentNamespace: namespace2 - componentName: name3 - expected: *removeFromStatus diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.clusterversion.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.clusterversion.testsuite.yaml deleted file mode 100644 index 71988108e5c..00000000000 --- a/vendor/github.com/openshift/api/config/v1/techpreview.clusterversion.testsuite.yaml +++ /dev/null @@ -1,472 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreviewNoUpgrade] ClusterVersion" -crd: 0000_00_cluster-version-operator_01_clusterversion-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ClusterVersion - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - - name: Should allow image to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - - name: Should allow version to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - version: 4.11.1 - - name: Should allow architecture to be empty - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: "" - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: "" - version: 4.11.1 - - name: Should allow architecture and version to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - - name: Version must be set if architecture is set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - expectedError: "Version must be set if Architecture is set" - - name: Should not allow image and architecture to be set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities baremetal and MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities baremetal without MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability - - name: Should be able to create a ClusterVersion with base capability None, and additional capabilities marketplace and OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - - name: Should not be able to create a ClusterVersion with base capability None, and additional capabilities marketplace without OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - expectedError: the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability - - name: Should be able to set a custom signature store - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus.ocp.com" - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus.ocp.com" - - name: Should be able to set multiple custom signature store - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus1.ocp.com" - - url: "https://osus2.ocp.com" - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "https://osus1.ocp.com" - - url: "https://osus2.ocp.com" - - name: Invalid custom signature store should throw error - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: - - url: "osus1.ocp.com" - expectedError: "url must be a valid absolute URL" - - name: Should be able to unset the signature stores - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: [] - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - signatureStores: [] - onUpdate: - - name: Should not allow image to be set if architecture set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should not allow architecture to be set if image set - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - image: bar - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - desiredUpdate: - architecture: Multi - version: 4.11.1 - image: bar - expectedError: "cannot set both Architecture and Image" - - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, and implicitly enabled MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - MachineAPI - - name: Should be able to add the baremetal capability with a ClusterVersion with base capability None, with the Machine API capability - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - - MachineAPI - - name: Should not be able to add the baremetal capability with a ClusterVersion with base capability None, and without MachineAPI - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - baremetal - expectedError: the `baremetal` capability requires the `MachineAPI` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `MachineAPI` capability - - name: Should be able to add the marketplace capability with a ClusterVersion with base capability None, and implicitly enabled OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - status: - desired: - version: foo - image: foo - observedGeneration: 1 - versionHash: foo - availableUpdates: - - version: foo - image: foo - capabilities: - enabledCapabilities: - - OperatorLifecycleManager - - name: Should be able to add the marketplace capability with a ClusterVersion with base capability None, with the OperatorLifecycleManager capability - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - expected: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - - OperatorLifecycleManager - - name: Should not be able to add the marketplace capability with a ClusterVersion with base capability None, and without OperatorLifecycleManager - initial: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - updated: | - apiVersion: config.openshift.io/v1 - kind: ClusterVersion - spec: - clusterID: foo - capabilities: - baselineCapabilitySet: None - additionalEnabledCapabilities: - - marketplace - expectedError: the `marketplace` capability requires the `OperatorLifecycleManager` capability, which is neither explicitly or implicitly enabled in this cluster, please enable the `OperatorLifecycleManager` capability diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml deleted file mode 100644 index 9346a8aceea..00000000000 --- a/vendor/github.com/openshift/api/config/v1/techpreview.infrastructure.testsuite.yaml +++ /dev/null @@ -1,644 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreviewNoUpgrade] Infrastructure" -crd: 0000_10_config-operator_01_infrastructure-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Infrastructure - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} # No spec is required for a Infrastructure - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - onUpdate: - - name: Status Should contain default fields - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: {} - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - controlPlaneTopology: HighlyAvailable - - name: Status update cpuPartitioning should fail validation check - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - cpuPartitioning: None - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - cpuPartitioning: "Invalid" - expectedStatusError: 'cpuPartitioning: Unsupported value: "Invalid": supported values: "None", "AllNodes"' - - name: Should set load balancer type to OpenShiftManagedDefault if not specified - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - status: - platform: BareMetal - platformStatus: - baremetal: {} - type: BareMetal - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: BareMetal - platformStatus: - baremetal: - loadBalancer: - type: OpenShiftManagedDefault - type: BareMetal - - name: Should not allow setting the load balancer type to a wrong value - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - baremetal: {} - type: BareMetal - status: - platform: BareMetal - platformStatus: - baremetal: - loadBalancer: - type: FooBar - type: BareMetal - expectedStatusError: "platformStatus.baremetal.loadBalancer.type: Unsupported value: \"FooBar\": supported values: \"OpenShiftManagedDefault\", \"UserManaged\"" - - name: Should not be able to modify an existing GCP ResourceLabels Label - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "changed"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" - - name: Should not be able to add a Label to an existing GCP ResourceLabels - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "new", value: "entry"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" - - name: Should not be able to remove a Label from an existing GCP ResourceLabels - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "new", value: "entry"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels: Invalid value: \"array\": resourceLabels are immutable and may only be configured during installation" - - name: Should not be able to add GCP ResourceLabels to an empty platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - gcp: - resourceLabels: - - {key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" - - name: Should not be able to remove GCP ResourceLabels from platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceLabels may only be configured during installation" - - name: Should not have label key start with openshift-io for GCP ResourceLabels in platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "openshift-io-created-cluster", value: "true"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" - - name: Should not have label key start with kubernetes-io for GCP ResourceLabels in platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceLabels: - - {key: "key", value: "value"} - - {key: "kubernetes-io-created-cluster", value: "true"} - expectedStatusError: "status.platformStatus.gcp.resourceLabels[1].key: Invalid value: \"string\": label keys must not start with either `openshift-io` or `kubernetes-io`" - - name: Should not be able to modify an existing GCP ResourceTags Tag - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "changed"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to add a Tag to an existing GCP ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - - {parentID: "test-project-123", key: "new", value: "tag"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to remove a Tag from an existing GCP ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key1", value: "value1"} - - {parentID: "test-project-123", key: "key2", value: "value2"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key1", value: "value1"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: Should not be able to add GCP ResourceTags to an empty platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" - - name: Should not be able to remove GCP ResourceTags from platformStatus.gcp - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: {} - expectedStatusError: "status.platformStatus.gcp: Invalid value: \"object\": resourceTags may only be configured during installation" - - name: Should not be able to modify ParentID of a Tag in the GCP ResourceTags - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - controlPlaneTopology: "HighlyAvailable" - infrastructureTopology: "HighlyAvailable" - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "1234567890", key: "key", value: "value"} - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: {} - status: - platform: GCP - platformStatus: - type: GCP - gcp: - resourceTags: - - {parentID: "test-project-123", key: "key", value: "value"} - expectedStatusError: "status.platformStatus.gcp.resourceTags: Invalid value: \"array\": resourceTags are immutable and may only be configured during installation" - - name: dnsType should default to `PlatformDefault` when not specified - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - gcp: {} - type: GCP - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: {} - type: GCP - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: {} - type: GCP - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: PlatformDefault - type: GCP - - name: should be able to set dnsType to non-default value of `ClusterHosted` - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - gcp: {} - type: GCP - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: ClusterHosted - type: GCP - expected: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - cpuPartitioning: None - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: ClusterHosted - type: GCP - - name: Should not allow changing the immutable dnsType field - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - gcp: {} - type: GCP - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: ClusterHosted - clusterHosted: - apiIntLoadBalancerIPs: - - 10.10.10.20 - type: GCP - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: PlatformDefault - type: GCP - expectedStatusError: "status.platformStatus.gcp.cloudLoadBalancerConfig.dnsType: Invalid value: \"string\": dnsType is immutable" - - name: Should not accept non-IP address values for Load Balancer IPs - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - gcp: {} - type: GCP - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: ClusterHosted - clusterHosted: - apiIntLoadBalancerIPs: - - 10.10.10.20 - type: GCP - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: ClusterHosted - clusterHosted: - apiIntLoadBalancerIPs: - - 10.10.10.20 - - not-an-ip-address - type: GCP - expectedStatusError: "platformStatus.gcp.cloudLoadBalancerConfig.clusterHosted.apiIntLoadBalancerIPs[1]: Invalid value: \"not-an-ip-address\": platformStatus.gcp.cloudLoadBalancerConfig.clusterHosted.apiIntLoadBalancerIPs[1] in body should match '(^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*)'" - - name: Should not accept update when `clusterHosted` is specified with DNSType `PlatformDefault` - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - gcp: {} - type: GCP - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: {} - type: GCP - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: PlatformDefault - clusterHosted: - apiIntLoadBalancerIPs: - - 10.10.10.20 - type: GCP - expectedStatusError: "status.platformStatus.gcp.cloudLoadBalancerConfig: Invalid value: \"object\": clusterHosted is permitted only when dnsType is ClusterHosted" - - name: Should not accept duplicate IP addresses for any of the Load Balancer IPs - initial: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - gcp: {} - type: GCP - updated: | - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - platformSpec: - type: GCP - gcp: {} - status: - controlPlaneTopology: HighlyAvailable - infrastructureTopology: HighlyAvailable - platform: GCP - platformStatus: - gcp: - cloudLoadBalancerConfig: - dnsType: ClusterHosted - clusterHosted: - apiIntLoadBalancerIPs: - - 10.10.10.20 - - 10.10.20.20 - - 10.10.10.20 - type: GCP - expectedStatusError: "status.platformStatus.gcp.cloudLoadBalancerConfig.clusterHosted.apiIntLoadBalancerIPs[2]: Duplicate value: \"10.10.10.20\"" diff --git a/vendor/github.com/openshift/api/config/v1/techpreview.scheduler.testsuite.yaml b/vendor/github.com/openshift/api/config/v1/techpreview.scheduler.testsuite.yaml deleted file mode 100644 index 5b5eb8954de..00000000000 --- a/vendor/github.com/openshift/api/config/v1/techpreview.scheduler.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Scheduler" -crd: 0000_10_config-operator_01_scheduler-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Scheduler - initial: | - apiVersion: config.openshift.io/v1 - kind: Scheduler - spec: {} # No spec is required for a Scheduler - expected: | - apiVersion: config.openshift.io/v1 - kind: Scheduler - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1/types_apiserver.go b/vendor/github.com/openshift/api/config/v1/types_apiserver.go index 85509090b4a..bdae466892a 100644 --- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go +++ b/vendor/github.com/openshift/api/config/v1/types_apiserver.go @@ -15,7 +15,7 @@ import ( // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=0000_10_config-operator_01_apiserverMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=apiservers,scope=Cluster // +kubebuilder:subresource:status diff --git a/vendor/github.com/openshift/api/config/v1/types_authentication.go b/vendor/github.com/openshift/api/config/v1/types_authentication.go index 1cd49f89118..b3dfa61b51b 100644 --- a/vendor/github.com/openshift/api/config/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/config/v1/types_authentication.go @@ -13,7 +13,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=0000_10_config-operator_01_authentication.crdMARKERS.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=authentications,scope=Cluster // +kubebuilder:subresource:status diff --git a/vendor/github.com/openshift/api/config/v1/types_build.go b/vendor/github.com/openshift/api/config/v1/types_build.go index f4973123f18..dad47666db6 100644 --- a/vendor/github.com/openshift/api/config/v1/types_build.go +++ b/vendor/github.com/openshift/api/config/v1/types_build.go @@ -17,7 +17,7 @@ import ( // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=0000_10_openshift-controller-manager-operator_01_buildMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=openshift-controller-manager,operatorOrdering=01 // +openshift:capability=Build // +kubebuilder:object:root=true // +kubebuilder:resource:path=builds,scope=Cluster diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go index 539da62e37e..7951762ccd5 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go @@ -16,7 +16,7 @@ import ( // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/497 -// +openshift:file-pattern=0000_00_cluster-version-operator_01_clusteroperatorMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_00,operatorName=cluster-version-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=clusteroperators,scope=Cluster,shortName=co // +kubebuilder:subresource:status @@ -26,7 +26,6 @@ import ( // +kubebuilder:printcolumn:name=Degraded,JSONPath=.status.conditions[?(@.type=="Degraded")].status,type=string,description=Whether the operator is degraded. // +kubebuilder:printcolumn:name=Since,JSONPath=.status.conditions[?(@.type=="Available")].lastTransitionTime,type=date,description=The time the operator's Available status last changed. // +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true -// +kubebuilder:metadata:annotations=include.release.openshift.io/single-node-developer=true type ClusterOperator struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index e11b1c7541b..2b8c3021348 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -14,7 +14,7 @@ import ( // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/495 -// +openshift:file-pattern=0000_00_cluster-version-operator_01_clusterversionMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_00,operatorName=cluster-version-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:subresource:status // +kubebuilder:resource:path=clusterversions,scope=Cluster @@ -26,7 +26,6 @@ import ( // +kubebuilder:printcolumn:name=Since,JSONPath=.status.conditions[?(@.type=="Progressing")].lastTransitionTime,type=date // +kubebuilder:printcolumn:name=Status,JSONPath=.status.conditions[?(@.type=="Progressing")].message,type=string // +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true -// +kubebuilder:metadata:annotations=include.release.openshift.io/single-node-developer=true type ClusterVersion struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1/types_console.go b/vendor/github.com/openshift/api/config/v1/types_console.go index 81f8ca50f69..36b1696af98 100644 --- a/vendor/github.com/openshift/api/config/v1/types_console.go +++ b/vendor/github.com/openshift/api/config/v1/types_console.go @@ -15,7 +15,7 @@ import ( // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=0000_10_config-operator_01_consoleMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=consoles,scope=Cluster // +kubebuilder:subresource:status diff --git a/vendor/github.com/openshift/api/config/v1/types_dns.go b/vendor/github.com/openshift/api/config/v1/types_dns.go index 37172b6a9ec..1875c9cddf2 100644 --- a/vendor/github.com/openshift/api/config/v1/types_dns.go +++ b/vendor/github.com/openshift/api/config/v1/types_dns.go @@ -11,7 +11,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=0000_10_config-operator_01_dnsMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=dnses,scope=Cluster // +kubebuilder:subresource:status diff --git a/vendor/github.com/openshift/api/config/v1/types_feature.go b/vendor/github.com/openshift/api/config/v1/types_feature.go index 782378b0bf2..1e031719615 100644 --- a/vendor/github.com/openshift/api/config/v1/types_feature.go +++ b/vendor/github.com/openshift/api/config/v1/types_feature.go @@ -13,7 +13,7 @@ import ( // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=0000_10_config-operator_01_featuregateMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=featuregates,scope=Cluster // +kubebuilder:subresource:status @@ -43,16 +43,17 @@ var ( // this feature set on CANNOT BE UNDONE and PREVENTS UPGRADES. TechPreviewNoUpgrade FeatureSet = "TechPreviewNoUpgrade" + // DevPreviewNoUpgrade turns on dev preview features that are not part of the normal supported platform. Turning + // this feature set on CANNOT BE UNDONE and PREVENTS UPGRADES. + DevPreviewNoUpgrade FeatureSet = "DevPreviewNoUpgrade" + // CustomNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. // Because of its nature, this setting cannot be validated. If you have any typos or accidentally apply invalid combinations // your cluster may fail in an unrecoverable way. CustomNoUpgrade FeatureSet = "CustomNoUpgrade" - // TopologyManager enables ToplogyManager support. Upgrades are enabled with this feature. - LatencySensitive FeatureSet = "LatencySensitive" - // AllFixedFeatureSets are the featuresets that have known featuregates. Custom doesn't for instance. LatencySensitive is dead - AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade} + AllFixedFeatureSets = []FeatureSet{Default, TechPreviewNoUpgrade, DevPreviewNoUpgrade} ) type FeatureGateSpec struct { @@ -65,6 +66,9 @@ type FeatureGateSelection struct { // Turning on or off features may cause irreversible changes in your cluster which cannot be undone. // +unionDiscriminator // +optional + // +kubebuilder:validation:XValidation:rule="oldSelf == 'CustomNoUpgrade' ? self == 'CustomNoUpgrade' : true",message="CustomNoUpgrade may not be changed" + // +kubebuilder:validation:XValidation:rule="oldSelf == 'TechPreviewNoUpgrade' ? self == 'TechPreviewNoUpgrade' : true",message="TechPreviewNoUpgrade may not be changed" + // +kubebuilder:validation:XValidation:rule="oldSelf == 'DevPreviewNoUpgrade' ? self == 'DevPreviewNoUpgrade' : true",message="DevPreviewNoUpgrade may not be changed" FeatureSet FeatureSet `json:"featureSet,omitempty"` // customNoUpgrade allows the enabling or disabling of any feature. Turning this feature set on IS NOT SUPPORTED, CANNOT BE UNDONE, and PREVENTS UPGRADES. @@ -144,8 +148,3 @@ type FeatureGateList struct { Items []FeatureGate `json:"items"` } - -type FeatureGateEnabledDisabled struct { - Enabled []FeatureGateDescription - Disabled []FeatureGateDescription -} diff --git a/vendor/github.com/openshift/api/config/v1/types_image.go b/vendor/github.com/openshift/api/config/v1/types_image.go index 2f5c5787dc6..74511f86402 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image.go +++ b/vendor/github.com/openshift/api/config/v1/types_image.go @@ -16,7 +16,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=0000_10_config-operator_01_imageMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=images,scope=Cluster // +kubebuilder:subresource:status diff --git a/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go b/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go index 83f13fde3b3..f2faf1996d0 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go +++ b/vendor/github.com/openshift/api/config/v1/types_image_content_policy.go @@ -12,7 +12,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/874 -// +openshift:file-pattern=0000_10_config-operator_01_imagecontentpolicyMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=imagecontentpolicies,scope=Cluster // +kubebuilder:subresource:status diff --git a/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go b/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go index 3b0577be0a5..8fa38f223b6 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go +++ b/vendor/github.com/openshift/api/config/v1/types_image_digest_mirror_set.go @@ -12,7 +12,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1126 -// +openshift:file-pattern=0000_10_config-operator_01_imagedigestmirrorsetMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=imagedigestmirrorsets,scope=Cluster,shortName=idms // +kubebuilder:subresource:status diff --git a/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go b/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go index f8f429eb27e..d9627b78cc0 100644 --- a/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go +++ b/vendor/github.com/openshift/api/config/v1/types_image_tag_mirror_set.go @@ -12,7 +12,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1126 -// +openshift:file-pattern=0000_10_config-operator_01_imagetagmirrorsetMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=imagetagmirrorsets,scope=Cluster,shortName=itms // +kubebuilder:subresource:status diff --git a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go index 14f6300bf5e..440f0119d3f 100644 --- a/vendor/github.com/openshift/api/config/v1/types_infrastructure.go +++ b/vendor/github.com/openshift/api/config/v1/types_infrastructure.go @@ -14,7 +14,7 @@ import ( // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=0000_10_config-operator_01_infrastructureMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=infrastructures,scope=Cluster // +kubebuilder:subresource:status @@ -824,8 +824,8 @@ type BareMetalPlatformSpec struct { // Once set, the list cannot be completely removed (but its second entry can). // // +kubebuilder:validation:MaxItems=2 - // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" - // +listType=set + // +kubebuilder:validation:XValidation:rule="size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=atomic // +optional APIServerInternalIPs []IP `json:"apiServerInternalIPs"` @@ -839,16 +839,17 @@ type BareMetalPlatformSpec struct { // Once set, the list cannot be completely removed (but its second entry can). // // +kubebuilder:validation:MaxItems=2 - // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" - // +listType=set + // +kubebuilder:validation:XValidation:rule="size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=atomic // +optional IngressIPs []IP `json:"ingressIPs"` // machineNetworks are IP networks used to connect all the OpenShift cluster // nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, // for example "10.0.0.0/8" or "fd00::/8". - // +listType=set + // +listType=atomic // +kubebuilder:validation:MaxItems=32 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))" // +optional MachineNetworks []CIDR `json:"machineNetworks"` } @@ -873,7 +874,8 @@ type BareMetalPlatformStatus struct { // // +kubebuilder:validation:Format=ip // +kubebuilder:validation:MaxItems=2 - // +listType=set + // +kubebuilder:validation:XValidation:rule="self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=atomic APIServerInternalIPs []string `json:"apiServerInternalIPs"` // ingressIP is an external IP which routes to the default ingress controller. @@ -889,7 +891,8 @@ type BareMetalPlatformStatus struct { // // +kubebuilder:validation:Format=ip // +kubebuilder:validation:MaxItems=2 - // +listType=set + // +kubebuilder:validation:XValidation:rule="self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=atomic IngressIPs []string `json:"ingressIPs"` // nodeDNSIP is the IP address for the internal DNS used by the @@ -908,8 +911,9 @@ type BareMetalPlatformStatus struct { LoadBalancer *BareMetalPlatformLoadBalancer `json:"loadBalancer,omitempty"` // machineNetworks are IP networks used to connect all the OpenShift cluster nodes. - // +listType=set + // +listType=atomic // +kubebuilder:validation:MaxItems=32 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))" // +optional MachineNetworks []CIDR `json:"machineNetworks"` } @@ -951,8 +955,8 @@ type OpenStackPlatformSpec struct { // Once set, the list cannot be completely removed (but its second entry can). // // +kubebuilder:validation:MaxItems=2 - // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" - // +listType=set + // +kubebuilder:validation:XValidation:rule="size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=atomic // +optional APIServerInternalIPs []IP `json:"apiServerInternalIPs"` @@ -966,16 +970,17 @@ type OpenStackPlatformSpec struct { // Once set, the list cannot be completely removed (but its second entry can). // // +kubebuilder:validation:MaxItems=2 - // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" - // +listType=set + // +kubebuilder:validation:XValidation:rule="size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=atomic // +optional IngressIPs []IP `json:"ingressIPs"` // machineNetworks are IP networks used to connect all the OpenShift cluster // nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, // for example "10.0.0.0/8" or "fd00::/8". - // +listType=set + // +listType=atomic // +kubebuilder:validation:MaxItems=32 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))" // +optional MachineNetworks []CIDR `json:"machineNetworks"` } @@ -998,7 +1003,8 @@ type OpenStackPlatformStatus struct { // // +kubebuilder:validation:Format=ip // +kubebuilder:validation:MaxItems=2 - // +listType=set + // +kubebuilder:validation:XValidation:rule="self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=atomic APIServerInternalIPs []string `json:"apiServerInternalIPs"` // cloudName is the name of the desired OpenStack cloud in the @@ -1018,7 +1024,8 @@ type OpenStackPlatformStatus struct { // // +kubebuilder:validation:Format=ip // +kubebuilder:validation:MaxItems=2 - // +listType=set + // +kubebuilder:validation:XValidation:rule="self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=atomic IngressIPs []string `json:"ingressIPs"` // nodeDNSIP is the IP address for the internal DNS used by the @@ -1036,8 +1043,9 @@ type OpenStackPlatformStatus struct { LoadBalancer *OpenStackPlatformLoadBalancer `json:"loadBalancer,omitempty"` // machineNetworks are IP networks used to connect all the OpenShift cluster nodes. - // +listType=set + // +listType=atomic // +kubebuilder:validation:MaxItems=32 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))" // +optional MachineNetworks []CIDR `json:"machineNetworks"` } @@ -1085,6 +1093,7 @@ type OvirtPlatformStatus struct { // // +kubebuilder:validation:Format=ip // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:XValidation:rule="self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" // +listType=set APIServerInternalIPs []string `json:"apiServerInternalIPs"` @@ -1101,6 +1110,7 @@ type OvirtPlatformStatus struct { // // +kubebuilder:validation:Format=ip // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:XValidation:rule="self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" // +listType=set IngressIPs []string `json:"ingressIPs"` @@ -1365,8 +1375,8 @@ type VSpherePlatformSpec struct { // Once set, the list cannot be completely removed (but its second entry can). // // +kubebuilder:validation:MaxItems=2 - // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" - // +listType=set + // +kubebuilder:validation:XValidation:rule="size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=atomic // +optional APIServerInternalIPs []IP `json:"apiServerInternalIPs"` @@ -1380,16 +1390,17 @@ type VSpherePlatformSpec struct { // Once set, the list cannot be completely removed (but its second entry can). // // +kubebuilder:validation:MaxItems=2 - // +kubebuilder:validation:XValidation:rule="size(self) == 2 ? self.exists_one(x, x.contains(':')) : true",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" - // +listType=set + // +kubebuilder:validation:XValidation:rule="size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=atomic // +optional IngressIPs []IP `json:"ingressIPs"` // machineNetworks are IP networks used to connect all the OpenShift cluster // nodes. Each network is provided in the CIDR format and should be IPv4 or IPv6, // for example "10.0.0.0/8" or "fd00::/8". - // +listType=set + // +listType=atomic // +kubebuilder:validation:MaxItems=32 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))" // +optional MachineNetworks []CIDR `json:"machineNetworks"` } @@ -1412,7 +1423,8 @@ type VSpherePlatformStatus struct { // // +kubebuilder:validation:Format=ip // +kubebuilder:validation:MaxItems=2 - // +listType=set + // +kubebuilder:validation:XValidation:rule="self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=atomic APIServerInternalIPs []string `json:"apiServerInternalIPs"` // ingressIP is an external IP which routes to the default ingress controller. @@ -1428,7 +1440,8 @@ type VSpherePlatformStatus struct { // // +kubebuilder:validation:Format=ip // +kubebuilder:validation:MaxItems=2 - // +listType=set + // +kubebuilder:validation:XValidation:rule="self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" + // +listType=atomic IngressIPs []string `json:"ingressIPs"` // nodeDNSIP is the IP address for the internal DNS used by the @@ -1447,8 +1460,9 @@ type VSpherePlatformStatus struct { LoadBalancer *VSpherePlatformLoadBalancer `json:"loadBalancer,omitempty"` // machineNetworks are IP networks used to connect all the OpenShift cluster nodes. - // +listType=set + // +listType=atomic // +kubebuilder:validation:MaxItems=32 + // +kubebuilder:validation:XValidation:rule="self.all(x, self.exists_one(y, x == y))" // +optional MachineNetworks []CIDR `json:"machineNetworks"` } @@ -1813,6 +1827,7 @@ type NutanixPlatformStatus struct { // // +kubebuilder:validation:Format=ip // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:XValidation:rule="self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)",message="apiServerInternalIPs must contain at most one IPv4 address and at most one IPv6 address" // +listType=set APIServerInternalIPs []string `json:"apiServerInternalIPs"` @@ -1829,6 +1844,7 @@ type NutanixPlatformStatus struct { // // +kubebuilder:validation:Format=ip // +kubebuilder:validation:MaxItems=2 + // +kubebuilder:validation:XValidation:rule="self == oldSelf || (size(self) == 2 && isIP(self[0]) && isIP(self[1]) ? ip(self[0]).family() != ip(self[1]).family() : true)",message="ingressIPs must contain at most one IPv4 address and at most one IPv6 address" // +listType=set IngressIPs []string `json:"ingressIPs"` @@ -1857,17 +1873,13 @@ type InfrastructureList struct { } // IP is an IP address (for example, "10.0.0.0" or "fd00::"). -// +kubebuilder:validation:Pattern=`(^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*)` -// + --- -// + The regex for the IPv4 and IPv6 address was taken from -// + https://blog.markhatton.co.uk/2011/03/15/regular-expressions-for-ip-addresses-cidr-ranges-and-hostnames/ -// + The resulting regex is an OR of both regexes. +// +kubebuilder:validation:XValidation:rule="isIP(self)",message="value must be a valid IP address" +// +kubebuilder:validation:MaxLength:=39 +// +kubebuilder:validation:MinLength:=1 type IP string // CIDR is an IP address range in CIDR notation (for example, "10.0.0.0/8" or "fd00::/8"). -// +kubebuilder:validation:Pattern=`(^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$)` -// + --- -// + The regex for the IPv4 and IPv6 CIDR range was taken from -// + https://blog.markhatton.co.uk/2011/03/15/regular-expressions-for-ip-addresses-cidr-ranges-and-hostnames/ -// + The resulting regex is an OR of both regexes. +// +kubebuilder:validation:XValidation:rule="isCIDR(self)",message="value must be a valid CIDR network address" +// +kubebuilder:validation:MaxLength:=43 +// +kubebuilder:validation:MinLength:=1 type CIDR string diff --git a/vendor/github.com/openshift/api/config/v1/types_ingress.go b/vendor/github.com/openshift/api/config/v1/types_ingress.go index d6ff4a2f5a1..e58ad7f00b7 100644 --- a/vendor/github.com/openshift/api/config/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/config/v1/types_ingress.go @@ -14,7 +14,7 @@ import ( // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=0000_10_config-operator_01_ingressMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=ingresses,scope=Cluster // +kubebuilder:subresource:status @@ -169,20 +169,20 @@ const ( // +kubebuilder:validation:MaxLength=512 type ConsumingUser string -// Hostname is an alias for hostname string validation. -// -// The left operand of the | is the original kubebuilder hostname validation format, which is incorrect because it -// allows upper case letters, disallows hyphen or number in the TLD, and allows labels to start/end in non-alphanumeric -// characters. See https://bugzilla.redhat.com/show_bug.cgi?id=2039256. -// ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$ -// -// The right operand of the | is a new pattern that mimics the current API route admission validation on hostname, -// except that it allows hostnames longer than the maximum length: -// ^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ -// -// Both operand patterns are made available so that modifications on ingress spec can still happen after an invalid hostname -// was saved via validation by the incorrect left operand of the | operator. -// +// Hostname is a host name as defined by RFC-1123. +// + --- +// + The left operand of the | is the original kubebuilder hostname validation format, which is incorrect because it +// + allows upper case letters, disallows hyphen or number in the TLD, and allows labels to start/end in non-alphanumeric +// + characters. See https://bugzilla.redhat.com/show_bug.cgi?id=2039256. +// + ^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$ +// + +// + The right operand of the | is a new pattern that mimics the current API route admission validation on hostname, +// + except that it allows hostnames longer than the maximum length: +// + ^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$ +// + +// + Both operand patterns are made available so that modifications on ingress spec can still happen after an invalid hostname +// + was saved via validation by the incorrect left operand of the | operator. +// + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9\p{S}\p{L}]((-?[a-zA-Z0-9\p{S}\p{L}]{0,62})?)|([a-zA-Z0-9\p{S}\p{L}](([a-zA-Z0-9-\p{S}\p{L}]{0,61}[a-zA-Z0-9\p{S}\p{L}])?)(\.)){1,}([a-zA-Z\p{L}]){2,63})$|^(([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})[\.]){0,}([a-z0-9][-a-z0-9]{0,61}[a-z0-9]|[a-z0-9]{1,63})$` type Hostname string diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go index 9da4c79d420..618aeff3b00 100644 --- a/vendor/github.com/openshift/api/config/v1/types_network.go +++ b/vendor/github.com/openshift/api/config/v1/types_network.go @@ -1,6 +1,9 @@ package v1 -import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +import ( + corev1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) // +genclient // +genclient:nonNamespaced @@ -12,7 +15,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 // +openshift:compatibility-gen:level=1 -// +openshift:file-pattern=0000_10_config-operator_01_networkMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=networks,scope=Cluster type Network struct { @@ -38,6 +41,7 @@ type Network struct { // As a general rule, this SHOULD NOT be read directly. Instead, you should // consume the NetworkStatus, as it indicates the currently deployed configuration. // Currently, most spec fields are immutable after installation. Please view the individual ones for further details on each. +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NetworkDiagnosticsConfig,rule="!has(self.networkDiagnostics) || !has(self.networkDiagnostics.mode) || self.networkDiagnostics.mode!='Disabled' || !has(self.networkDiagnostics.sourcePlacement) && !has(self.networkDiagnostics.targetPlacement)",message="cannot set networkDiagnostics.sourcePlacement and networkDiagnostics.targetPlacement when networkDiagnostics.mode is Disabled" type NetworkSpec struct { // IP address pool to use for pod IPs. // This field is immutable after installation. @@ -70,6 +74,17 @@ type NetworkSpec struct { // installed. // +kubebuilder:validation:Pattern=`^([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])-([0-9]{1,4}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$` ServiceNodePortRange string `json:"serviceNodePortRange,omitempty"` + + // networkDiagnostics defines network diagnostics configuration. + // + // Takes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. + // If networkDiagnostics is not specified or is empty, + // and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, + // the network diagnostics feature will be disabled. + // + // +optional + // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig + NetworkDiagnostics NetworkDiagnostics `json:"networkDiagnostics"` } // NetworkStatus is the current network configuration. @@ -92,14 +107,15 @@ type NetworkStatus struct { // conditions represents the observations of a network.config current state. // Known .status.conditions.type are: "NetworkTypeMigrationInProgress", "NetworkTypeMigrationMTUReady", - // "NetworkTypeMigrationTargetCNIAvailable", "NetworkTypeMigrationTargetCNIInUse" - // and "NetworkTypeMigrationOriginalCNIPurged" + // "NetworkTypeMigrationTargetCNIAvailable", "NetworkTypeMigrationTargetCNIInUse", + // "NetworkTypeMigrationOriginalCNIPurged" and "NetworkDiagnosticsAvailable" // +optional // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type // +openshift:enable:FeatureGate=NetworkLiveMigration + // +openshift:enable:FeatureGate=NetworkDiagnosticsConfig Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type"` } @@ -197,3 +213,89 @@ type MTUMigrationValues struct { // +optional From *uint32 `json:"from,omitempty"` } + +// NetworkDiagnosticsMode is an enumeration of the available network diagnostics modes +// Valid values are "", "All", "Disabled". +// +kubebuilder:validation:Enum:="";All;Disabled +type NetworkDiagnosticsMode string + +const ( + // NetworkDiagnosticsNoOpinion means that the user has no opinion and the platform is left + // to choose reasonable default. The current default is All and is a subject to change over time. + NetworkDiagnosticsNoOpinion NetworkDiagnosticsMode = "" + // NetworkDiagnosticsAll means that all network diagnostics checks are enabled + NetworkDiagnosticsAll NetworkDiagnosticsMode = "All" + // NetworkDiagnosticsDisabled means that network diagnostics is disabled + NetworkDiagnosticsDisabled NetworkDiagnosticsMode = "Disabled" +) + +// NetworkDiagnostics defines network diagnostics configuration + +type NetworkDiagnostics struct { + // mode controls the network diagnostics mode + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is All. + // + // +optional + Mode NetworkDiagnosticsMode `json:"mode"` + + // sourcePlacement controls the scheduling of network diagnostics source deployment + // + // See NetworkDiagnosticsSourcePlacement for more details about default values. + // + // +optional + SourcePlacement NetworkDiagnosticsSourcePlacement `json:"sourcePlacement"` + + // targetPlacement controls the scheduling of network diagnostics target daemonset + // + // See NetworkDiagnosticsTargetPlacement for more details about default values. + // + // +optional + TargetPlacement NetworkDiagnosticsTargetPlacement `json:"targetPlacement"` +} + +// NetworkDiagnosticsSourcePlacement defines node scheduling configuration network diagnostics source components +type NetworkDiagnosticsSourcePlacement struct { + // nodeSelector is the node selector applied to network diagnostics components + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is `kubernetes.io/os: linux`. + // + // +optional + NodeSelector map[string]string `json:"nodeSelector"` + + // tolerations is a list of tolerations applied to network diagnostics components + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is an empty list. + // + // +optional + // +listType=atomic + Tolerations []corev1.Toleration `json:"tolerations"` +} + +// NetworkDiagnosticsTargetPlacement defines node scheduling configuration network diagnostics target components +type NetworkDiagnosticsTargetPlacement struct { + // nodeSelector is the node selector applied to network diagnostics components + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is `kubernetes.io/os: linux`. + // + // +optional + NodeSelector map[string]string `json:"nodeSelector"` + + // tolerations is a list of tolerations applied to network diagnostics components + // + // When omitted, this means the user has no opinion and the platform is left + // to choose reasonable defaults. These defaults are subject to change over time. + // The current default is `- operator: "Exists"` which means that all taints are tolerated. + // + // +optional + // +listType=atomic + Tolerations []corev1.Toleration `json:"tolerations"` +} diff --git a/vendor/github.com/openshift/api/config/v1/types_node.go b/vendor/github.com/openshift/api/config/v1/types_node.go index 29df22df975..3dd31f39ad3 100644 --- a/vendor/github.com/openshift/api/config/v1/types_node.go +++ b/vendor/github.com/openshift/api/config/v1/types_node.go @@ -15,7 +15,7 @@ import ( // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1107 -// +openshift:file-pattern=0000_10_config-operator_01_nodeMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=nodes,scope=Cluster // +kubebuilder:subresource:status diff --git a/vendor/github.com/openshift/api/config/v1/types_oauth.go b/vendor/github.com/openshift/api/config/v1/types_oauth.go index 0ef7d6584e5..6654479dc81 100644 --- a/vendor/github.com/openshift/api/config/v1/types_oauth.go +++ b/vendor/github.com/openshift/api/config/v1/types_oauth.go @@ -15,7 +15,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=0000_10_config-operator_01_oauthMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=oauths,scope=Cluster // +kubebuilder:subresource:status diff --git a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go index 9b1536c6779..1fddfa51e5b 100644 --- a/vendor/github.com/openshift/api/config/v1/types_operatorhub.go +++ b/vendor/github.com/openshift/api/config/v1/types_operatorhub.go @@ -44,7 +44,7 @@ type OperatorHubStatus struct { // +genclient // +genclient:nonNamespaced // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=0000_03_marketplace-operator_01_operatorhubMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=marketplace,operatorOrdering=01 // +openshift:capability=marketplace // +openshift:compatibility-gen:level=1 type OperatorHub struct { diff --git a/vendor/github.com/openshift/api/config/v1/types_project.go b/vendor/github.com/openshift/api/config/v1/types_project.go index 89caed05a6e..8d6d614b67c 100644 --- a/vendor/github.com/openshift/api/config/v1/types_project.go +++ b/vendor/github.com/openshift/api/config/v1/types_project.go @@ -11,7 +11,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=0000_10_config-operator_01_projectMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=projects,scope=Cluster // +kubebuilder:subresource:status diff --git a/vendor/github.com/openshift/api/config/v1/types_proxy.go b/vendor/github.com/openshift/api/config/v1/types_proxy.go index 58d824734f3..851291bb05a 100644 --- a/vendor/github.com/openshift/api/config/v1/types_proxy.go +++ b/vendor/github.com/openshift/api/config/v1/types_proxy.go @@ -13,7 +13,7 @@ import ( // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=0000_03_config-operator_01_proxyMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_03,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=proxies,scope=Cluster // +kubebuilder:subresource:status diff --git a/vendor/github.com/openshift/api/config/v1/types_scheduling.go b/vendor/github.com/openshift/api/config/v1/types_scheduling.go index 3b12a2c424a..061c4a88353 100644 --- a/vendor/github.com/openshift/api/config/v1/types_scheduling.go +++ b/vendor/github.com/openshift/api/config/v1/types_scheduling.go @@ -12,7 +12,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer). // +openshift:compatibility-gen:level=1 // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 -// +openshift:file-pattern=0000_10_config-operator_01_schedulerMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +kubebuilder:object:root=true // +kubebuilder:resource:path=schedulers,scope=Cluster // +kubebuilder:subresource:status diff --git a/vendor/github.com/openshift/api/config/v1/types_testreporting.go b/vendor/github.com/openshift/api/config/v1/types_testreporting.go new file mode 100644 index 00000000000..4d642e060b5 --- /dev/null +++ b/vendor/github.com/openshift/api/config/v1/types_testreporting.go @@ -0,0 +1,46 @@ +package v1 + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// TestReporting is used for origin (and potentially others) to report the test names for a given FeatureGate into +// the payload for later analysis on a per-payload basis. +// This doesn't need any CRD because it's never stored in the cluster. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:internal +type TestReporting struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ObjectMeta `json:"metadata,omitempty"` + + // +kubebuilder:validation:Required + // +required + Spec TestReportingSpec `json:"spec"` + // status holds observed values from the cluster. They may not be overridden. + // +optional + Status TestReportingStatus `json:"status"` +} + +type TestReportingSpec struct { + // TestsForFeatureGates is a list, indexed by FeatureGate and includes information about testing. + TestsForFeatureGates []FeatureGateTests `json:"testsForFeatureGates"` +} + +type FeatureGateTests struct { + // FeatureGate is the name of the FeatureGate as it appears in The FeatureGate CR instance. + FeatureGate string `json:"featureGate"` + + // Tests contains an item for every TestName + Tests []TestDetails `json:"tests"` +} + +type TestDetails struct { + // TestName is the name of the test as it appears in junit XMLs. + // It does not include the suite name since the same test can be executed in many suites. + TestName string `json:"testName"` +} + +type TestReportingStatus struct { +} diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index ff9409905dc..9a81bc559ce 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -2039,23 +2039,6 @@ func (in *FeatureGateAttributes) DeepCopy() *FeatureGateAttributes { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FeatureGateDescription) DeepCopyInto(out *FeatureGateDescription) { - *out = *in - out.FeatureGateAttributes = in.FeatureGateAttributes - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateDescription. -func (in *FeatureGateDescription) DeepCopy() *FeatureGateDescription { - if in == nil { - return nil - } - out := new(FeatureGateDescription) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FeatureGateDetails) DeepCopyInto(out *FeatureGateDetails) { *out = *in @@ -2082,32 +2065,6 @@ func (in *FeatureGateDetails) DeepCopy() *FeatureGateDetails { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *FeatureGateEnabledDisabled) DeepCopyInto(out *FeatureGateEnabledDisabled) { - *out = *in - if in.Enabled != nil { - in, out := &in.Enabled, &out.Enabled - *out = make([]FeatureGateDescription, len(*in)) - copy(*out, *in) - } - if in.Disabled != nil { - in, out := &in.Disabled, &out.Disabled - *out = make([]FeatureGateDescription, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateEnabledDisabled. -func (in *FeatureGateEnabledDisabled) DeepCopy() *FeatureGateEnabledDisabled { - if in == nil { - return nil - } - out := new(FeatureGateEnabledDisabled) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *FeatureGateList) DeepCopyInto(out *FeatureGateList) { *out = *in @@ -2209,6 +2166,27 @@ func (in *FeatureGateStatus) DeepCopy() *FeatureGateStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureGateTests) DeepCopyInto(out *FeatureGateTests) { + *out = *in + if in.Tests != nil { + in, out := &in.Tests, &out.Tests + *out = make([]TestDetails, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateTests. +func (in *FeatureGateTests) DeepCopy() *FeatureGateTests { + if in == nil { + return nil + } + out := new(FeatureGateTests) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GCPPlatformSpec) DeepCopyInto(out *GCPPlatformSpec) { *out = *in @@ -3597,6 +3575,84 @@ func (in *Network) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkDiagnostics) DeepCopyInto(out *NetworkDiagnostics) { + *out = *in + in.SourcePlacement.DeepCopyInto(&out.SourcePlacement) + in.TargetPlacement.DeepCopyInto(&out.TargetPlacement) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkDiagnostics. +func (in *NetworkDiagnostics) DeepCopy() *NetworkDiagnostics { + if in == nil { + return nil + } + out := new(NetworkDiagnostics) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkDiagnosticsSourcePlacement) DeepCopyInto(out *NetworkDiagnosticsSourcePlacement) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]corev1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkDiagnosticsSourcePlacement. +func (in *NetworkDiagnosticsSourcePlacement) DeepCopy() *NetworkDiagnosticsSourcePlacement { + if in == nil { + return nil + } + out := new(NetworkDiagnosticsSourcePlacement) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NetworkDiagnosticsTargetPlacement) DeepCopyInto(out *NetworkDiagnosticsTargetPlacement) { + *out = *in + if in.NodeSelector != nil { + in, out := &in.NodeSelector, &out.NodeSelector + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Tolerations != nil { + in, out := &in.Tolerations, &out.Tolerations + *out = make([]corev1.Toleration, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NetworkDiagnosticsTargetPlacement. +func (in *NetworkDiagnosticsTargetPlacement) DeepCopy() *NetworkDiagnosticsTargetPlacement { + if in == nil { + return nil + } + out := new(NetworkDiagnosticsTargetPlacement) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NetworkList) DeepCopyInto(out *NetworkList) { *out = *in @@ -3669,6 +3725,7 @@ func (in *NetworkSpec) DeepCopyInto(out *NetworkSpec) { *out = new(ExternalIPConfig) (*in).DeepCopyInto(*out) } + in.NetworkDiagnostics.DeepCopyInto(&out.NetworkDiagnostics) return } @@ -5494,6 +5551,81 @@ func (in *TemplateReference) DeepCopy() *TemplateReference { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TestDetails) DeepCopyInto(out *TestDetails) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TestDetails. +func (in *TestDetails) DeepCopy() *TestDetails { + if in == nil { + return nil + } + out := new(TestDetails) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TestReporting) DeepCopyInto(out *TestReporting) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TestReporting. +func (in *TestReporting) DeepCopy() *TestReporting { + if in == nil { + return nil + } + out := new(TestReporting) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TestReportingSpec) DeepCopyInto(out *TestReportingSpec) { + *out = *in + if in.TestsForFeatureGates != nil { + in, out := &in.TestsForFeatureGates, &out.TestsForFeatureGates + *out = make([]FeatureGateTests, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TestReportingSpec. +func (in *TestReportingSpec) DeepCopy() *TestReportingSpec { + if in == nil { + return nil + } + out := new(TestReportingSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TestReportingStatus) DeepCopyInto(out *TestReportingStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TestReportingStatus. +func (in *TestReportingStatus) DeepCopy() *TestReportingStatus { + if in == nil { + return nil + } + out := new(TestReportingStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TokenClaimMapping) DeepCopyInto(out *TokenClaimMapping) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml index a8bd5d84c19..286bbbd84ee 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -5,6 +5,9 @@ apiservers.config.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: APIServer @@ -13,7 +16,6 @@ apiservers.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_apiserverMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -25,6 +27,9 @@ authentications.config.openshift.io: Category: "" FeatureGates: - ExternalOIDC + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: Authentication @@ -33,7 +38,6 @@ authentications.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_authentication.crdMARKERS.yaml TopLevelFeatureGates: [] Version: v1 @@ -44,6 +48,9 @@ builds.config.openshift.io: Capability: Build Category: "" FeatureGates: [] + FilenameOperatorName: openshift-controller-manager + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: Build @@ -52,19 +59,20 @@ builds.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_openshift-controller-manager-operator_01_buildMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 clusteroperators.config.openshift.io: Annotations: include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" ApprovedPRNumber: https://github.com/openshift/api/pull/497 CRDName: clusteroperators.config.openshift.io Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: cluster-version-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_00" GroupName: config.openshift.io HasStatus: true KindName: ClusterOperator @@ -94,20 +102,21 @@ clusteroperators.config.openshift.io: Scope: Cluster ShortNames: - co - TargetFilenamePattern: 0000_00_cluster-version-operator_01_clusteroperatorMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 clusterversions.config.openshift.io: Annotations: include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" ApprovedPRNumber: https://github.com/openshift/api/pull/495 CRDName: clusterversions.config.openshift.io Capability: "" Category: "" FeatureGates: - SignatureStores + FilenameOperatorName: cluster-version-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_00" GroupName: config.openshift.io HasStatus: true KindName: ClusterVersion @@ -131,7 +140,6 @@ clusterversions.config.openshift.io: type: string Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_00_cluster-version-operator_01_clusterversionMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -142,6 +150,9 @@ consoles.config.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: Console @@ -150,7 +161,6 @@ consoles.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_consoleMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -161,6 +171,9 @@ dnses.config.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: DNS @@ -169,7 +182,6 @@ dnses.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_dnsMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -180,6 +192,9 @@ featuregates.config.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: FeatureGate @@ -188,7 +203,6 @@ featuregates.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_featuregateMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -199,6 +213,9 @@ images.config.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: Image @@ -207,7 +224,6 @@ images.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_imageMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -218,6 +234,9 @@ imagecontentpolicies.config.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: ImageContentPolicy @@ -226,7 +245,6 @@ imagecontentpolicies.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_imagecontentpolicyMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -237,6 +255,9 @@ imagedigestmirrorsets.config.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: ImageDigestMirrorSet @@ -246,7 +267,6 @@ imagedigestmirrorsets.config.openshift.io: Scope: Cluster ShortNames: - idms - TargetFilenamePattern: 0000_10_config-operator_01_imagedigestmirrorsetMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -257,6 +277,9 @@ imagetagmirrorsets.config.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: ImageTagMirrorSet @@ -266,7 +289,6 @@ imagetagmirrorsets.config.openshift.io: Scope: Cluster ShortNames: - itms - TargetFilenamePattern: 0000_10_config-operator_01_imagetagmirrorsetMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -281,6 +303,9 @@ infrastructures.config.openshift.io: - GCPClusterHostedDNS - GCPLabelsTags - VSphereControlPlaneMachineSet + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: Infrastructure @@ -289,7 +314,6 @@ infrastructures.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_infrastructureMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -300,6 +324,9 @@ ingresses.config.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: Ingress @@ -308,7 +335,6 @@ ingresses.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_ingressMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -319,7 +345,11 @@ networks.config.openshift.io: Capability: "" Category: "" FeatureGates: + - NetworkDiagnosticsConfig - NetworkLiveMigration + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: false KindName: Network @@ -328,7 +358,6 @@ networks.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_networkMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -339,6 +368,9 @@ nodes.config.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: Node @@ -347,7 +379,6 @@ nodes.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_nodeMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -358,6 +389,9 @@ oauths.config.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: OAuth @@ -366,7 +400,6 @@ oauths.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_oauthMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -377,6 +410,9 @@ operatorhubs.config.openshift.io: Capability: marketplace Category: "" FeatureGates: [] + FilenameOperatorName: marketplace + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_03" GroupName: config.openshift.io HasStatus: true KindName: OperatorHub @@ -385,7 +421,6 @@ operatorhubs.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_03_marketplace-operator_01_operatorhubMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -396,6 +431,9 @@ projects.config.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: Project @@ -404,7 +442,6 @@ projects.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_projectMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -415,6 +452,9 @@ proxies.config.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_03" GroupName: config.openshift.io HasStatus: true KindName: Proxy @@ -423,7 +463,6 @@ proxies.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_03_config-operator_01_proxyMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -435,6 +474,9 @@ schedulers.config.openshift.io: Category: "" FeatureGates: - DynamicResourceAllocation + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: Scheduler @@ -443,7 +485,6 @@ schedulers.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_schedulerMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index f751368b340..fcb4fb9a42a 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -1987,6 +1987,36 @@ func (Network) SwaggerDoc() map[string]string { return map_Network } +var map_NetworkDiagnostics = map[string]string{ + "mode": "mode controls the network diagnostics mode\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is All.", + "sourcePlacement": "sourcePlacement controls the scheduling of network diagnostics source deployment\n\nSee NetworkDiagnosticsSourcePlacement for more details about default values.", + "targetPlacement": "targetPlacement controls the scheduling of network diagnostics target daemonset\n\nSee NetworkDiagnosticsTargetPlacement for more details about default values.", +} + +func (NetworkDiagnostics) SwaggerDoc() map[string]string { + return map_NetworkDiagnostics +} + +var map_NetworkDiagnosticsSourcePlacement = map[string]string{ + "": "NetworkDiagnosticsSourcePlacement defines node scheduling configuration network diagnostics source components", + "nodeSelector": "nodeSelector is the node selector applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.", + "tolerations": "tolerations is a list of tolerations applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is an empty list.", +} + +func (NetworkDiagnosticsSourcePlacement) SwaggerDoc() map[string]string { + return map_NetworkDiagnosticsSourcePlacement +} + +var map_NetworkDiagnosticsTargetPlacement = map[string]string{ + "": "NetworkDiagnosticsTargetPlacement defines node scheduling configuration network diagnostics target components", + "nodeSelector": "nodeSelector is the node selector applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `kubernetes.io/os: linux`.", + "tolerations": "tolerations is a list of tolerations applied to network diagnostics components\n\nWhen omitted, this means the user has no opinion and the platform is left to choose reasonable defaults. These defaults are subject to change over time. The current default is `- operator: \"Exists\"` which means that all taints are tolerated.", +} + +func (NetworkDiagnosticsTargetPlacement) SwaggerDoc() map[string]string { + return map_NetworkDiagnosticsTargetPlacement +} + var map_NetworkList = map[string]string{ "": "Compatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", @@ -2013,6 +2043,7 @@ var map_NetworkSpec = map[string]string{ "networkType": "NetworkType is the plugin that is to be deployed (e.g. OpenShiftSDN). This should match a value that the cluster-network-operator understands, or else no networking will be installed. Currently supported values are: - OpenShiftSDN This field is immutable after installation.", "externalIP": "externalIP defines configuration for controllers that affect Service.ExternalIP. If nil, then ExternalIP is not allowed to be set.", "serviceNodePortRange": "The port range allowed for Services of type NodePort. If not specified, the default of 30000-32767 will be used. Such Services without a NodePort specified will have one automatically allocated from this range. This parameter can be updated after the cluster is installed.", + "networkDiagnostics": "networkDiagnostics defines network diagnostics configuration.\n\nTakes precedence over spec.disableNetworkDiagnostics in network.operator.openshift.io. If networkDiagnostics is not specified or is empty, and the spec.disableNetworkDiagnostics flag in network.operator.openshift.io is set to true, the network diagnostics feature will be disabled.", } func (NetworkSpec) SwaggerDoc() map[string]string { @@ -2026,7 +2057,7 @@ var map_NetworkStatus = map[string]string{ "networkType": "NetworkType is the plugin that is deployed (e.g. OpenShiftSDN).", "clusterNetworkMTU": "ClusterNetworkMTU is the MTU for inter-pod networking.", "migration": "Migration contains the cluster network migration configuration.", - "conditions": "conditions represents the observations of a network.config current state. Known .status.conditions.type are: \"NetworkTypeMigrationInProgress\", \"NetworkTypeMigrationMTUReady\", \"NetworkTypeMigrationTargetCNIAvailable\", \"NetworkTypeMigrationTargetCNIInUse\" and \"NetworkTypeMigrationOriginalCNIPurged\"", + "conditions": "conditions represents the observations of a network.config current state. Known .status.conditions.type are: \"NetworkTypeMigrationInProgress\", \"NetworkTypeMigrationMTUReady\", \"NetworkTypeMigrationTargetCNIAvailable\", \"NetworkTypeMigrationTargetCNIInUse\", \"NetworkTypeMigrationOriginalCNIPurged\" and \"NetworkDiagnosticsAvailable\"", } func (NetworkStatus) SwaggerDoc() map[string]string { @@ -2476,6 +2507,41 @@ func (SchedulerSpec) SwaggerDoc() map[string]string { return map_SchedulerSpec } +var map_FeatureGateTests = map[string]string{ + "featureGate": "FeatureGate is the name of the FeatureGate as it appears in The FeatureGate CR instance.", + "tests": "Tests contains an item for every TestName", +} + +func (FeatureGateTests) SwaggerDoc() map[string]string { + return map_FeatureGateTests +} + +var map_TestDetails = map[string]string{ + "testName": "TestName is the name of the test as it appears in junit XMLs. It does not include the suite name since the same test can be executed in many suites.", +} + +func (TestDetails) SwaggerDoc() map[string]string { + return map_TestDetails +} + +var map_TestReporting = map[string]string{ + "": "TestReporting is used for origin (and potentially others) to report the test names for a given FeatureGate into the payload for later analysis on a per-payload basis. This doesn't need any CRD because it's never stored in the cluster.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "status": "status holds observed values from the cluster. They may not be overridden.", +} + +func (TestReporting) SwaggerDoc() map[string]string { + return map_TestReporting +} + +var map_TestReportingSpec = map[string]string{ + "testsForFeatureGates": "TestsForFeatureGates is a list, indexed by FeatureGate and includes information about testing.", +} + +func (TestReportingSpec) SwaggerDoc() map[string]string { + return map_TestReportingSpec +} + var map_CustomTLSProfile = map[string]string{ "": "CustomTLSProfile is a user-defined TLS security profile. Be extremely careful using a custom TLS profile as invalid configurations can be catastrophic.", } diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-CustomNoUpgrade.crd.yaml deleted file mode 100644 index a53e8d3759f..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-CustomNoUpgrade.crd.yaml +++ /dev/null @@ -1,143 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1482 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: backups.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Backup - listKind: BackupList - plural: backups - singular: backup - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "Backup provides configuration for performing backups of the - openshift cluster. \n Compatibility level 4: No compatibility is provided, - the API can change at any point for any reason. These capabilities should - not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - etcd: - description: etcd specifies the configuration for periodic backups - of the etcd cluster - properties: - pvcName: - description: PVCName specifies the name of the PersistentVolumeClaim - (PVC) which binds a PersistentVolume where the etcd backup files - would be saved The PVC itself must always be created in the - "openshift-etcd" namespace If the PVC is left unspecified "" - then the platform will choose a reasonable default location - to save the backup. In the future this would be backups saved - across the control-plane master nodes. - type: string - retentionPolicy: - description: RetentionPolicy defines the retention policy for - retaining and deleting existing backups. - properties: - retentionNumber: - description: RetentionNumber configures the retention policy - based on the number of backups - properties: - maxNumberOfBackups: - description: MaxNumberOfBackups defines the maximum number - of backups to retain. If the existing number of backups - saved is equal to MaxNumberOfBackups then the oldest - backup will be removed before a new backup is initiated. - minimum: 1 - type: integer - required: - - maxNumberOfBackups - type: object - retentionSize: - description: RetentionSize configures the retention policy - based on the size of backups - properties: - maxSizeOfBackupsGb: - description: MaxSizeOfBackupsGb defines the total size - in GB of backups to retain. If the current total size - backups exceeds MaxSizeOfBackupsGb then the oldest backup - will be removed before a new backup is initiated. - minimum: 1 - type: integer - required: - - maxSizeOfBackupsGb - type: object - retentionType: - allOf: - - enum: - - RetentionNumber - - RetentionSize - - enum: - - "" - - RetentionNumber - - RetentionSize - description: RetentionType sets the type of retention policy. - Currently, the only valid policies are retention by number - of backups (RetentionNumber), by the size of backups (RetentionSize). - More policies or types may be added in the future. Empty - string means no opinion and the platform is left to choose - a reasonable default which is subject to change without - notice. The current default is RetentionNumber with 15 backups - kept. - type: string - required: - - retentionType - type: object - schedule: - description: 'Schedule defines the recurring backup schedule in - Cron format every 2 hours: 0 */2 * * * every day at 3am: 0 3 - * * * Empty string means no opinion and the platform is left - to choose a reasonable default which is subject to change without - notice. The current default is "no backups", but will change - in the future.' - pattern: ^(@(annually|yearly|monthly|weekly|daily|hourly))|(\*|(?:\*|(?:[0-9]|(?:[1-5][0-9])))\/(?:[0-9]|(?:[1-5][0-9]))|(?:[0-9]|(?:[1-5][0-9]))(?:(?:\-[0-9]|\-(?:[1-5][0-9]))?|(?:\,(?:[0-9]|(?:[1-5][0-9])))*)) - (\*|(?:\*|(?:\*|(?:[0-9]|1[0-9]|2[0-3])))\/(?:[0-9]|1[0-9]|2[0-3])|(?:[0-9]|1[0-9]|2[0-3])(?:(?:\-(?:[0-9]|1[0-9]|2[0-3]))?|(?:\,(?:[0-9]|1[0-9]|2[0-3]))*)) - (\*|(?:[1-9]|(?:[12][0-9])|3[01])(?:(?:\-(?:[1-9]|(?:[12][0-9])|3[01]))?|(?:\,(?:[1-9]|(?:[12][0-9])|3[01]))*)) - (\*|(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC)(?:(?:\-(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))?|(?:\,(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))*)) - (\*|(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT)(?:(?:\-(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT))?|(?:\,(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT))*))$ - type: string - timeZone: - description: The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. - If not specified, this will default to the time zone of the - kube-controller-manager process. See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones - pattern: ^([A-Za-z_]+([+-]*0)*|[A-Za-z_]+(\/[A-Za-z_]+){1,2})(\/GMT[+-]\d{1,2})?$ - type: string - type: object - required: - - etcd - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index d74279acbcb..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml +++ /dev/null @@ -1,143 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1482 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: backups.config.openshift.io -spec: - group: config.openshift.io - names: - kind: Backup - listKind: BackupList - plural: backups - singular: backup - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "Backup provides configuration for performing backups of the - openshift cluster. \n Compatibility level 4: No compatibility is provided, - the API can change at any point for any reason. These capabilities should - not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - etcd: - description: etcd specifies the configuration for periodic backups - of the etcd cluster - properties: - pvcName: - description: PVCName specifies the name of the PersistentVolumeClaim - (PVC) which binds a PersistentVolume where the etcd backup files - would be saved The PVC itself must always be created in the - "openshift-etcd" namespace If the PVC is left unspecified "" - then the platform will choose a reasonable default location - to save the backup. In the future this would be backups saved - across the control-plane master nodes. - type: string - retentionPolicy: - description: RetentionPolicy defines the retention policy for - retaining and deleting existing backups. - properties: - retentionNumber: - description: RetentionNumber configures the retention policy - based on the number of backups - properties: - maxNumberOfBackups: - description: MaxNumberOfBackups defines the maximum number - of backups to retain. If the existing number of backups - saved is equal to MaxNumberOfBackups then the oldest - backup will be removed before a new backup is initiated. - minimum: 1 - type: integer - required: - - maxNumberOfBackups - type: object - retentionSize: - description: RetentionSize configures the retention policy - based on the size of backups - properties: - maxSizeOfBackupsGb: - description: MaxSizeOfBackupsGb defines the total size - in GB of backups to retain. If the current total size - backups exceeds MaxSizeOfBackupsGb then the oldest backup - will be removed before a new backup is initiated. - minimum: 1 - type: integer - required: - - maxSizeOfBackupsGb - type: object - retentionType: - allOf: - - enum: - - RetentionNumber - - RetentionSize - - enum: - - "" - - RetentionNumber - - RetentionSize - description: RetentionType sets the type of retention policy. - Currently, the only valid policies are retention by number - of backups (RetentionNumber), by the size of backups (RetentionSize). - More policies or types may be added in the future. Empty - string means no opinion and the platform is left to choose - a reasonable default which is subject to change without - notice. The current default is RetentionNumber with 15 backups - kept. - type: string - required: - - retentionType - type: object - schedule: - description: 'Schedule defines the recurring backup schedule in - Cron format every 2 hours: 0 */2 * * * every day at 3am: 0 3 - * * * Empty string means no opinion and the platform is left - to choose a reasonable default which is subject to change without - notice. The current default is "no backups", but will change - in the future.' - pattern: ^(@(annually|yearly|monthly|weekly|daily|hourly))|(\*|(?:\*|(?:[0-9]|(?:[1-5][0-9])))\/(?:[0-9]|(?:[1-5][0-9]))|(?:[0-9]|(?:[1-5][0-9]))(?:(?:\-[0-9]|\-(?:[1-5][0-9]))?|(?:\,(?:[0-9]|(?:[1-5][0-9])))*)) - (\*|(?:\*|(?:\*|(?:[0-9]|1[0-9]|2[0-3])))\/(?:[0-9]|1[0-9]|2[0-3])|(?:[0-9]|1[0-9]|2[0-3])(?:(?:\-(?:[0-9]|1[0-9]|2[0-3]))?|(?:\,(?:[0-9]|1[0-9]|2[0-3]))*)) - (\*|(?:[1-9]|(?:[12][0-9])|3[01])(?:(?:\-(?:[1-9]|(?:[12][0-9])|3[01]))?|(?:\,(?:[1-9]|(?:[12][0-9])|3[01]))*)) - (\*|(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC)(?:(?:\-(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))?|(?:\,(?:[1-9]|1[012]|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC))*)) - (\*|(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT)(?:(?:\-(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT))?|(?:\,(?:[0-6]|SUN|MON|TUE|WED|THU|FRI|SAT))*))$ - type: string - timeZone: - description: The time zone name for the given schedule, see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones. - If not specified, this will default to the time zone of the - kube-controller-manager process. See https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#time-zones - pattern: ^([A-Za-z_]+([+-]*0)*|[A-Za-z_]+(\/[A-Za-z_]+){1,2})(\/GMT[+-]\d{1,2})?$ - type: string - type: object - required: - - etcd - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-CustomNoUpgrade.crd.yaml deleted file mode 100644 index 00948c1f703..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-CustomNoUpgrade.crd.yaml +++ /dev/null @@ -1,399 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1457 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: clusterimagepolicies.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ClusterImagePolicy - listKind: ClusterImagePolicyList - plural: clusterimagepolicies - singular: clusterimagepolicy - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "ClusterImagePolicy holds cluster-wide configuration for image - signature verification \n Compatibility level 4: No compatibility is provided, - the API can change at any point for any reason. These capabilities should - not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec contains the configuration for the cluster image policy. - properties: - policy: - description: policy contains configuration to allow scopes to be verified, - and defines how images not matching the verification policy will - be treated. - properties: - rootOfTrust: - description: rootOfTrust specifies the root of trust for the policy. - properties: - fulcioCAWithRekor: - description: 'fulcioCAWithRekor defines the root of trust - based on the Fulcio certificate and the Rekor public key. - For more information about Fulcio and Rekor, please refer - to the document at: https://github.com/sigstore/fulcio and - https://github.com/sigstore/rekor' - properties: - fulcioCAData: - description: fulcioCAData contains inline base64-encoded - data for the PEM format fulcio CA. fulcioCAData must - be at most 8192 characters. - format: byte - maxLength: 8192 - type: string - fulcioSubject: - description: fulcioSubject specifies OIDC issuer and the - email of the Fulcio authentication configuration. - properties: - oidcIssuer: - description: 'oidcIssuer contains the expected OIDC - issuer. It will be verified that the Fulcio-issued - certificate contains a (Fulcio-defined) certificate - extension pointing at this OIDC issuer URL. When - Fulcio issues certificates, it includes a value - based on an URL inside the client-provided ID token. - Example: "https://expected.OIDC.issuer/"' - type: string - x-kubernetes-validations: - - message: oidcIssuer must be a valid URL - rule: isURL(self) - signedEmail: - description: 'signedEmail holds the email address - the the Fulcio certificate is issued for. Example: - "expected-signing-user@example.com"' - type: string - x-kubernetes-validations: - - message: invalid email address - rule: self.matches('^\\S+@\\S+$') - required: - - oidcIssuer - - signedEmail - type: object - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - format: byte - maxLength: 8192 - type: string - required: - - fulcioCAData - - fulcioSubject - - rekorKeyData - type: object - policyType: - description: policyType serves as the union's discriminator. - Users are required to assign a value to this field, choosing - one of the policy types that define the root of trust. "PublicKey" - indicates that the policy relies on a sigstore publicKey - and may optionally use a Rekor verification. "FulcioCAWithRekor" - indicates that the policy is based on the Fulcio certification - and incorporates a Rekor verification. - enum: - - PublicKey - - FulcioCAWithRekor - type: string - publicKey: - description: publicKey defines the root of trust based on - a sigstore public key. - properties: - keyData: - description: keyData contains inline base64-encoded data - for the PEM format public key. KeyData must be at most - 8192 characters. - format: byte - maxLength: 8192 - type: string - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - format: byte - maxLength: 8192 - type: string - required: - - keyData - type: object - required: - - policyType - type: object - x-kubernetes-validations: - - message: publicKey is required when policyType is PublicKey, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''PublicKey'' - ? has(self.publicKey) : !has(self.publicKey)' - - message: fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''FulcioCAWithRekor'' - ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)' - signedIdentity: - description: signedIdentity specifies what image identity the - signature claims about the image. The required matchPolicy field - specifies the approach used in the verification process to verify - the identity in the signature and the actual image identity, - the default matchPolicy is "MatchRepoDigestOrExact". - properties: - exactRepository: - description: exactRepository is required if matchPolicy is - set to "ExactRepository". - properties: - repository: - description: repository is the reference of the image - identity to be matched. The value should be a repository - name (by omitting the tag or digest) in a registry implementing - the "Docker Registry HTTP API V2". For example, docker.io/library/busybox - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - repository - type: object - matchPolicy: - description: matchPolicy sets the type of matching to be used. - Valid values are "MatchRepoDigestOrExact", "MatchRepository", - "ExactRepository", "RemapIdentity". When omitted, the default - value is "MatchRepoDigestOrExact". If set matchPolicy to - ExactRepository, then the exactRepository must be specified. - If set matchPolicy to RemapIdentity, then the remapIdentity - must be specified. "MatchRepoDigestOrExact" means that the - identity in the signature must be in the same repository - as the image identity if the image identity is referenced - by a digest. Otherwise, the identity in the signature must - be the same as the image identity. "MatchRepository" means - that the identity in the signature must be in the same repository - as the image identity. "ExactRepository" means that the - identity in the signature must be in the same repository - as a specific identity specified by "repository". "RemapIdentity" - means that the signature must be in the same as the remapped - image identity. Remapped image identity is obtained by replacing - the "prefix" with the specified “signedPrefix” if the the - image identity matches the specified remapPrefix. - enum: - - MatchRepoDigestOrExact - - MatchRepository - - ExactRepository - - RemapIdentity - type: string - remapIdentity: - description: remapIdentity is required if matchPolicy is set - to "RemapIdentity". - properties: - prefix: - description: prefix is the prefix of the image identity - to be matched. If the image identity matches the specified - prefix, that prefix is replaced by the specified “signedPrefix” - (otherwise it is used as unchanged and no remapping - takes place). This useful when verifying signatures - for a mirror of some other repository namespace that - preserves the vendor’s repository structure. The prefix - and signedPrefix values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - signedPrefix: - description: signedPrefix is the prefix of the image identity - to be matched in the signature. The format is the same - as "prefix". The values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - prefix - - signedPrefix - type: object - required: - - matchPolicy - type: object - x-kubernetes-validations: - - message: exactRepository is required when matchPolicy is ExactRepository, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''ExactRepository'') - ? has(self.exactRepository) : !has(self.exactRepository)' - - message: remapIdentity is required when matchPolicy is RemapIdentity, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''RemapIdentity'') - ? has(self.remapIdentity) : !has(self.remapIdentity)' - required: - - rootOfTrust - type: object - scopes: - description: 'scopes defines the list of image identities assigned - to a policy. Each item refers to a scope in a registry implementing - the "Docker Registry HTTP API V2". Scopes matching individual images - are named Docker references in the fully expanded form, either using - a tag or digest. For example, docker.io/library/busybox:latest (not - busybox:latest). More general scopes are prefixes of individual-image - scopes, and specify a repository (by omitting the tag or digest), - a repository namespace, or a registry host (by only specifying the - host name and possibly a port number) or a wildcard expression starting - with `*.`, for matching all subdomains (not including a port number). - Wildcards are only supported for subdomain matching, and may not - be used in the middle of the host, i.e. *.example.com is a valid - case, but example*.*.com is not. Please be aware that the scopes - should not be nested under the repositories of OpenShift Container - Platform images. If configured, the policies for OpenShift Container - Platform repositories will not be in effect. For additional details - about the format, please refer to the document explaining the docker - transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' - items: - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid image scope format, scope must contain a fully - qualified domain name or 'localhost' - rule: 'size(self.split(''/'')[0].split(''.'')) == 1 ? self.split(''/'')[0].split(''.'')[0].split('':'')[0] - == ''localhost'' : true' - - message: invalid image scope with wildcard, a wildcard can only - be at the start of the domain and is only supported for subdomain - matching, not path matching - rule: 'self.contains(''*'') ? self.matches(''^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$'') - : true' - - message: invalid repository namespace or image specification in - the image scope - rule: '!self.contains(''*'') ? self.matches(''^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\w][\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$'') - : true' - maxItems: 256 - type: array - x-kubernetes-list-type: set - required: - - policy - - scopes - type: object - status: - description: status contains the observed state of the resource. - properties: - conditions: - description: conditions provide details on the status of this API - Resource. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index 5dba4be8d0c..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_clusterimagepolicy-TechPreviewNoUpgrade.crd.yaml +++ /dev/null @@ -1,399 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1457 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: clusterimagepolicies.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ClusterImagePolicy - listKind: ClusterImagePolicyList - plural: clusterimagepolicies - singular: clusterimagepolicy - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "ClusterImagePolicy holds cluster-wide configuration for image - signature verification \n Compatibility level 4: No compatibility is provided, - the API can change at any point for any reason. These capabilities should - not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec contains the configuration for the cluster image policy. - properties: - policy: - description: policy contains configuration to allow scopes to be verified, - and defines how images not matching the verification policy will - be treated. - properties: - rootOfTrust: - description: rootOfTrust specifies the root of trust for the policy. - properties: - fulcioCAWithRekor: - description: 'fulcioCAWithRekor defines the root of trust - based on the Fulcio certificate and the Rekor public key. - For more information about Fulcio and Rekor, please refer - to the document at: https://github.com/sigstore/fulcio and - https://github.com/sigstore/rekor' - properties: - fulcioCAData: - description: fulcioCAData contains inline base64-encoded - data for the PEM format fulcio CA. fulcioCAData must - be at most 8192 characters. - format: byte - maxLength: 8192 - type: string - fulcioSubject: - description: fulcioSubject specifies OIDC issuer and the - email of the Fulcio authentication configuration. - properties: - oidcIssuer: - description: 'oidcIssuer contains the expected OIDC - issuer. It will be verified that the Fulcio-issued - certificate contains a (Fulcio-defined) certificate - extension pointing at this OIDC issuer URL. When - Fulcio issues certificates, it includes a value - based on an URL inside the client-provided ID token. - Example: "https://expected.OIDC.issuer/"' - type: string - x-kubernetes-validations: - - message: oidcIssuer must be a valid URL - rule: isURL(self) - signedEmail: - description: 'signedEmail holds the email address - the the Fulcio certificate is issued for. Example: - "expected-signing-user@example.com"' - type: string - x-kubernetes-validations: - - message: invalid email address - rule: self.matches('^\\S+@\\S+$') - required: - - oidcIssuer - - signedEmail - type: object - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - format: byte - maxLength: 8192 - type: string - required: - - fulcioCAData - - fulcioSubject - - rekorKeyData - type: object - policyType: - description: policyType serves as the union's discriminator. - Users are required to assign a value to this field, choosing - one of the policy types that define the root of trust. "PublicKey" - indicates that the policy relies on a sigstore publicKey - and may optionally use a Rekor verification. "FulcioCAWithRekor" - indicates that the policy is based on the Fulcio certification - and incorporates a Rekor verification. - enum: - - PublicKey - - FulcioCAWithRekor - type: string - publicKey: - description: publicKey defines the root of trust based on - a sigstore public key. - properties: - keyData: - description: keyData contains inline base64-encoded data - for the PEM format public key. KeyData must be at most - 8192 characters. - format: byte - maxLength: 8192 - type: string - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - format: byte - maxLength: 8192 - type: string - required: - - keyData - type: object - required: - - policyType - type: object - x-kubernetes-validations: - - message: publicKey is required when policyType is PublicKey, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''PublicKey'' - ? has(self.publicKey) : !has(self.publicKey)' - - message: fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''FulcioCAWithRekor'' - ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)' - signedIdentity: - description: signedIdentity specifies what image identity the - signature claims about the image. The required matchPolicy field - specifies the approach used in the verification process to verify - the identity in the signature and the actual image identity, - the default matchPolicy is "MatchRepoDigestOrExact". - properties: - exactRepository: - description: exactRepository is required if matchPolicy is - set to "ExactRepository". - properties: - repository: - description: repository is the reference of the image - identity to be matched. The value should be a repository - name (by omitting the tag or digest) in a registry implementing - the "Docker Registry HTTP API V2". For example, docker.io/library/busybox - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - repository - type: object - matchPolicy: - description: matchPolicy sets the type of matching to be used. - Valid values are "MatchRepoDigestOrExact", "MatchRepository", - "ExactRepository", "RemapIdentity". When omitted, the default - value is "MatchRepoDigestOrExact". If set matchPolicy to - ExactRepository, then the exactRepository must be specified. - If set matchPolicy to RemapIdentity, then the remapIdentity - must be specified. "MatchRepoDigestOrExact" means that the - identity in the signature must be in the same repository - as the image identity if the image identity is referenced - by a digest. Otherwise, the identity in the signature must - be the same as the image identity. "MatchRepository" means - that the identity in the signature must be in the same repository - as the image identity. "ExactRepository" means that the - identity in the signature must be in the same repository - as a specific identity specified by "repository". "RemapIdentity" - means that the signature must be in the same as the remapped - image identity. Remapped image identity is obtained by replacing - the "prefix" with the specified “signedPrefix” if the the - image identity matches the specified remapPrefix. - enum: - - MatchRepoDigestOrExact - - MatchRepository - - ExactRepository - - RemapIdentity - type: string - remapIdentity: - description: remapIdentity is required if matchPolicy is set - to "RemapIdentity". - properties: - prefix: - description: prefix is the prefix of the image identity - to be matched. If the image identity matches the specified - prefix, that prefix is replaced by the specified “signedPrefix” - (otherwise it is used as unchanged and no remapping - takes place). This useful when verifying signatures - for a mirror of some other repository namespace that - preserves the vendor’s repository structure. The prefix - and signedPrefix values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - signedPrefix: - description: signedPrefix is the prefix of the image identity - to be matched in the signature. The format is the same - as "prefix". The values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - prefix - - signedPrefix - type: object - required: - - matchPolicy - type: object - x-kubernetes-validations: - - message: exactRepository is required when matchPolicy is ExactRepository, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''ExactRepository'') - ? has(self.exactRepository) : !has(self.exactRepository)' - - message: remapIdentity is required when matchPolicy is RemapIdentity, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''RemapIdentity'') - ? has(self.remapIdentity) : !has(self.remapIdentity)' - required: - - rootOfTrust - type: object - scopes: - description: 'scopes defines the list of image identities assigned - to a policy. Each item refers to a scope in a registry implementing - the "Docker Registry HTTP API V2". Scopes matching individual images - are named Docker references in the fully expanded form, either using - a tag or digest. For example, docker.io/library/busybox:latest (not - busybox:latest). More general scopes are prefixes of individual-image - scopes, and specify a repository (by omitting the tag or digest), - a repository namespace, or a registry host (by only specifying the - host name and possibly a port number) or a wildcard expression starting - with `*.`, for matching all subdomains (not including a port number). - Wildcards are only supported for subdomain matching, and may not - be used in the middle of the host, i.e. *.example.com is a valid - case, but example*.*.com is not. Please be aware that the scopes - should not be nested under the repositories of OpenShift Container - Platform images. If configured, the policies for OpenShift Container - Platform repositories will not be in effect. For additional details - about the format, please refer to the document explaining the docker - transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' - items: - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid image scope format, scope must contain a fully - qualified domain name or 'localhost' - rule: 'size(self.split(''/'')[0].split(''.'')) == 1 ? self.split(''/'')[0].split(''.'')[0].split('':'')[0] - == ''localhost'' : true' - - message: invalid image scope with wildcard, a wildcard can only - be at the start of the domain and is only supported for subdomain - matching, not path matching - rule: 'self.contains(''*'') ? self.matches(''^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$'') - : true' - - message: invalid repository namespace or image specification in - the image scope - rule: '!self.contains(''*'') ? self.matches(''^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\w][\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$'') - : true' - maxItems: 256 - type: array - x-kubernetes-list-type: set - required: - - policy - - scopes - type: object - status: - description: status contains the observed state of the resource. - properties: - conditions: - description: conditions provide details on the status of this API - Resource. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-CustomNoUpgrade.crd.yaml deleted file mode 100644 index 2ccf84d3a23..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-CustomNoUpgrade.crd.yaml +++ /dev/null @@ -1,399 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1457 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: imagepolicies.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ImagePolicy - listKind: ImagePolicyList - plural: imagepolicies - singular: imagepolicy - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "ImagePolicy holds namespace-wide configuration for image signature - verification \n Compatibility level 4: No compatibility is provided, the - API can change at any point for any reason. These capabilities should not - be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - policy: - description: policy contains configuration to allow scopes to be verified, - and defines how images not matching the verification policy will - be treated. - properties: - rootOfTrust: - description: rootOfTrust specifies the root of trust for the policy. - properties: - fulcioCAWithRekor: - description: 'fulcioCAWithRekor defines the root of trust - based on the Fulcio certificate and the Rekor public key. - For more information about Fulcio and Rekor, please refer - to the document at: https://github.com/sigstore/fulcio and - https://github.com/sigstore/rekor' - properties: - fulcioCAData: - description: fulcioCAData contains inline base64-encoded - data for the PEM format fulcio CA. fulcioCAData must - be at most 8192 characters. - format: byte - maxLength: 8192 - type: string - fulcioSubject: - description: fulcioSubject specifies OIDC issuer and the - email of the Fulcio authentication configuration. - properties: - oidcIssuer: - description: 'oidcIssuer contains the expected OIDC - issuer. It will be verified that the Fulcio-issued - certificate contains a (Fulcio-defined) certificate - extension pointing at this OIDC issuer URL. When - Fulcio issues certificates, it includes a value - based on an URL inside the client-provided ID token. - Example: "https://expected.OIDC.issuer/"' - type: string - x-kubernetes-validations: - - message: oidcIssuer must be a valid URL - rule: isURL(self) - signedEmail: - description: 'signedEmail holds the email address - the the Fulcio certificate is issued for. Example: - "expected-signing-user@example.com"' - type: string - x-kubernetes-validations: - - message: invalid email address - rule: self.matches('^\\S+@\\S+$') - required: - - oidcIssuer - - signedEmail - type: object - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - format: byte - maxLength: 8192 - type: string - required: - - fulcioCAData - - fulcioSubject - - rekorKeyData - type: object - policyType: - description: policyType serves as the union's discriminator. - Users are required to assign a value to this field, choosing - one of the policy types that define the root of trust. "PublicKey" - indicates that the policy relies on a sigstore publicKey - and may optionally use a Rekor verification. "FulcioCAWithRekor" - indicates that the policy is based on the Fulcio certification - and incorporates a Rekor verification. - enum: - - PublicKey - - FulcioCAWithRekor - type: string - publicKey: - description: publicKey defines the root of trust based on - a sigstore public key. - properties: - keyData: - description: keyData contains inline base64-encoded data - for the PEM format public key. KeyData must be at most - 8192 characters. - format: byte - maxLength: 8192 - type: string - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - format: byte - maxLength: 8192 - type: string - required: - - keyData - type: object - required: - - policyType - type: object - x-kubernetes-validations: - - message: publicKey is required when policyType is PublicKey, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''PublicKey'' - ? has(self.publicKey) : !has(self.publicKey)' - - message: fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''FulcioCAWithRekor'' - ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)' - signedIdentity: - description: signedIdentity specifies what image identity the - signature claims about the image. The required matchPolicy field - specifies the approach used in the verification process to verify - the identity in the signature and the actual image identity, - the default matchPolicy is "MatchRepoDigestOrExact". - properties: - exactRepository: - description: exactRepository is required if matchPolicy is - set to "ExactRepository". - properties: - repository: - description: repository is the reference of the image - identity to be matched. The value should be a repository - name (by omitting the tag or digest) in a registry implementing - the "Docker Registry HTTP API V2". For example, docker.io/library/busybox - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - repository - type: object - matchPolicy: - description: matchPolicy sets the type of matching to be used. - Valid values are "MatchRepoDigestOrExact", "MatchRepository", - "ExactRepository", "RemapIdentity". When omitted, the default - value is "MatchRepoDigestOrExact". If set matchPolicy to - ExactRepository, then the exactRepository must be specified. - If set matchPolicy to RemapIdentity, then the remapIdentity - must be specified. "MatchRepoDigestOrExact" means that the - identity in the signature must be in the same repository - as the image identity if the image identity is referenced - by a digest. Otherwise, the identity in the signature must - be the same as the image identity. "MatchRepository" means - that the identity in the signature must be in the same repository - as the image identity. "ExactRepository" means that the - identity in the signature must be in the same repository - as a specific identity specified by "repository". "RemapIdentity" - means that the signature must be in the same as the remapped - image identity. Remapped image identity is obtained by replacing - the "prefix" with the specified “signedPrefix” if the the - image identity matches the specified remapPrefix. - enum: - - MatchRepoDigestOrExact - - MatchRepository - - ExactRepository - - RemapIdentity - type: string - remapIdentity: - description: remapIdentity is required if matchPolicy is set - to "RemapIdentity". - properties: - prefix: - description: prefix is the prefix of the image identity - to be matched. If the image identity matches the specified - prefix, that prefix is replaced by the specified “signedPrefix” - (otherwise it is used as unchanged and no remapping - takes place). This useful when verifying signatures - for a mirror of some other repository namespace that - preserves the vendor’s repository structure. The prefix - and signedPrefix values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - signedPrefix: - description: signedPrefix is the prefix of the image identity - to be matched in the signature. The format is the same - as "prefix". The values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - prefix - - signedPrefix - type: object - required: - - matchPolicy - type: object - x-kubernetes-validations: - - message: exactRepository is required when matchPolicy is ExactRepository, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''ExactRepository'') - ? has(self.exactRepository) : !has(self.exactRepository)' - - message: remapIdentity is required when matchPolicy is RemapIdentity, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''RemapIdentity'') - ? has(self.remapIdentity) : !has(self.remapIdentity)' - required: - - rootOfTrust - type: object - scopes: - description: 'scopes defines the list of image identities assigned - to a policy. Each item refers to a scope in a registry implementing - the "Docker Registry HTTP API V2". Scopes matching individual images - are named Docker references in the fully expanded form, either using - a tag or digest. For example, docker.io/library/busybox:latest (not - busybox:latest). More general scopes are prefixes of individual-image - scopes, and specify a repository (by omitting the tag or digest), - a repository namespace, or a registry host (by only specifying the - host name and possibly a port number) or a wildcard expression starting - with `*.`, for matching all subdomains (not including a port number). - Wildcards are only supported for subdomain matching, and may not - be used in the middle of the host, i.e. *.example.com is a valid - case, but example*.*.com is not. Please be aware that the scopes - should not be nested under the repositories of OpenShift Container - Platform images. If configured, the policies for OpenShift Container - Platform repositories will not be in effect. For additional details - about the format, please refer to the document explaining the docker - transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' - items: - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid image scope format, scope must contain a fully - qualified domain name or 'localhost' - rule: 'size(self.split(''/'')[0].split(''.'')) == 1 ? self.split(''/'')[0].split(''.'')[0].split('':'')[0] - == ''localhost'' : true' - - message: invalid image scope with wildcard, a wildcard can only - be at the start of the domain and is only supported for subdomain - matching, not path matching - rule: 'self.contains(''*'') ? self.matches(''^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$'') - : true' - - message: invalid repository namespace or image specification in - the image scope - rule: '!self.contains(''*'') ? self.matches(''^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\w][\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$'') - : true' - maxItems: 256 - type: array - x-kubernetes-list-type: set - required: - - policy - - scopes - type: object - status: - description: status contains the observed state of the resource. - properties: - conditions: - description: conditions provide details on the status of this API - Resource. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index 8c63d9ac336..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_imagepolicy-TechPreviewNoUpgrade.crd.yaml +++ /dev/null @@ -1,399 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1457 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: imagepolicies.config.openshift.io -spec: - group: config.openshift.io - names: - kind: ImagePolicy - listKind: ImagePolicyList - plural: imagepolicies - singular: imagepolicy - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "ImagePolicy holds namespace-wide configuration for image signature - verification \n Compatibility level 4: No compatibility is provided, the - API can change at any point for any reason. These capabilities should not - be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - policy: - description: policy contains configuration to allow scopes to be verified, - and defines how images not matching the verification policy will - be treated. - properties: - rootOfTrust: - description: rootOfTrust specifies the root of trust for the policy. - properties: - fulcioCAWithRekor: - description: 'fulcioCAWithRekor defines the root of trust - based on the Fulcio certificate and the Rekor public key. - For more information about Fulcio and Rekor, please refer - to the document at: https://github.com/sigstore/fulcio and - https://github.com/sigstore/rekor' - properties: - fulcioCAData: - description: fulcioCAData contains inline base64-encoded - data for the PEM format fulcio CA. fulcioCAData must - be at most 8192 characters. - format: byte - maxLength: 8192 - type: string - fulcioSubject: - description: fulcioSubject specifies OIDC issuer and the - email of the Fulcio authentication configuration. - properties: - oidcIssuer: - description: 'oidcIssuer contains the expected OIDC - issuer. It will be verified that the Fulcio-issued - certificate contains a (Fulcio-defined) certificate - extension pointing at this OIDC issuer URL. When - Fulcio issues certificates, it includes a value - based on an URL inside the client-provided ID token. - Example: "https://expected.OIDC.issuer/"' - type: string - x-kubernetes-validations: - - message: oidcIssuer must be a valid URL - rule: isURL(self) - signedEmail: - description: 'signedEmail holds the email address - the the Fulcio certificate is issued for. Example: - "expected-signing-user@example.com"' - type: string - x-kubernetes-validations: - - message: invalid email address - rule: self.matches('^\\S+@\\S+$') - required: - - oidcIssuer - - signedEmail - type: object - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - format: byte - maxLength: 8192 - type: string - required: - - fulcioCAData - - fulcioSubject - - rekorKeyData - type: object - policyType: - description: policyType serves as the union's discriminator. - Users are required to assign a value to this field, choosing - one of the policy types that define the root of trust. "PublicKey" - indicates that the policy relies on a sigstore publicKey - and may optionally use a Rekor verification. "FulcioCAWithRekor" - indicates that the policy is based on the Fulcio certification - and incorporates a Rekor verification. - enum: - - PublicKey - - FulcioCAWithRekor - type: string - publicKey: - description: publicKey defines the root of trust based on - a sigstore public key. - properties: - keyData: - description: keyData contains inline base64-encoded data - for the PEM format public key. KeyData must be at most - 8192 characters. - format: byte - maxLength: 8192 - type: string - rekorKeyData: - description: rekorKeyData contains inline base64-encoded - data for the PEM format from the Rekor public key. rekorKeyData - must be at most 8192 characters. - format: byte - maxLength: 8192 - type: string - required: - - keyData - type: object - required: - - policyType - type: object - x-kubernetes-validations: - - message: publicKey is required when policyType is PublicKey, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''PublicKey'' - ? has(self.publicKey) : !has(self.publicKey)' - - message: fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, - and forbidden otherwise - rule: 'has(self.policyType) && self.policyType == ''FulcioCAWithRekor'' - ? has(self.fulcioCAWithRekor) : !has(self.fulcioCAWithRekor)' - signedIdentity: - description: signedIdentity specifies what image identity the - signature claims about the image. The required matchPolicy field - specifies the approach used in the verification process to verify - the identity in the signature and the actual image identity, - the default matchPolicy is "MatchRepoDigestOrExact". - properties: - exactRepository: - description: exactRepository is required if matchPolicy is - set to "ExactRepository". - properties: - repository: - description: repository is the reference of the image - identity to be matched. The value should be a repository - name (by omitting the tag or digest) in a registry implementing - the "Docker Registry HTTP API V2". For example, docker.io/library/busybox - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - repository - type: object - matchPolicy: - description: matchPolicy sets the type of matching to be used. - Valid values are "MatchRepoDigestOrExact", "MatchRepository", - "ExactRepository", "RemapIdentity". When omitted, the default - value is "MatchRepoDigestOrExact". If set matchPolicy to - ExactRepository, then the exactRepository must be specified. - If set matchPolicy to RemapIdentity, then the remapIdentity - must be specified. "MatchRepoDigestOrExact" means that the - identity in the signature must be in the same repository - as the image identity if the image identity is referenced - by a digest. Otherwise, the identity in the signature must - be the same as the image identity. "MatchRepository" means - that the identity in the signature must be in the same repository - as the image identity. "ExactRepository" means that the - identity in the signature must be in the same repository - as a specific identity specified by "repository". "RemapIdentity" - means that the signature must be in the same as the remapped - image identity. Remapped image identity is obtained by replacing - the "prefix" with the specified “signedPrefix” if the the - image identity matches the specified remapPrefix. - enum: - - MatchRepoDigestOrExact - - MatchRepository - - ExactRepository - - RemapIdentity - type: string - remapIdentity: - description: remapIdentity is required if matchPolicy is set - to "RemapIdentity". - properties: - prefix: - description: prefix is the prefix of the image identity - to be matched. If the image identity matches the specified - prefix, that prefix is replaced by the specified “signedPrefix” - (otherwise it is used as unchanged and no remapping - takes place). This useful when verifying signatures - for a mirror of some other repository namespace that - preserves the vendor’s repository structure. The prefix - and signedPrefix values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - signedPrefix: - description: signedPrefix is the prefix of the image identity - to be matched in the signature. The format is the same - as "prefix". The values can be either host[:port] values - (matching exactly the same host[:port], string), repository - namespaces, or repositories (i.e. they must not contain - tags/digests), and match as prefixes of the fully expanded - form. For example, docker.io/library/busybox (not busybox) - to specify that single repository, or docker.io/library - (not an empty string) to specify the parent namespace - of docker.io/library/busybox. - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid repository or prefix in the signedIdentity, - should not include the tag or digest - rule: 'self.matches(''.*:([\\w][\\w.-]{0,127})$'')? - self.matches(''^(localhost:[0-9]+)$''): true' - - message: invalid repository or prefix in the signedIdentity - rule: self.matches('^(((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?$') - required: - - prefix - - signedPrefix - type: object - required: - - matchPolicy - type: object - x-kubernetes-validations: - - message: exactRepository is required when matchPolicy is ExactRepository, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''ExactRepository'') - ? has(self.exactRepository) : !has(self.exactRepository)' - - message: remapIdentity is required when matchPolicy is RemapIdentity, - and forbidden otherwise - rule: '(has(self.matchPolicy) && self.matchPolicy == ''RemapIdentity'') - ? has(self.remapIdentity) : !has(self.remapIdentity)' - required: - - rootOfTrust - type: object - scopes: - description: 'scopes defines the list of image identities assigned - to a policy. Each item refers to a scope in a registry implementing - the "Docker Registry HTTP API V2". Scopes matching individual images - are named Docker references in the fully expanded form, either using - a tag or digest. For example, docker.io/library/busybox:latest (not - busybox:latest). More general scopes are prefixes of individual-image - scopes, and specify a repository (by omitting the tag or digest), - a repository namespace, or a registry host (by only specifying the - host name and possibly a port number) or a wildcard expression starting - with `*.`, for matching all subdomains (not including a port number). - Wildcards are only supported for subdomain matching, and may not - be used in the middle of the host, i.e. *.example.com is a valid - case, but example*.*.com is not. Please be aware that the scopes - should not be nested under the repositories of OpenShift Container - Platform images. If configured, the policies for OpenShift Container - Platform repositories will not be in effect. For additional details - about the format, please refer to the document explaining the docker - transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' - items: - maxLength: 512 - type: string - x-kubernetes-validations: - - message: invalid image scope format, scope must contain a fully - qualified domain name or 'localhost' - rule: 'size(self.split(''/'')[0].split(''.'')) == 1 ? self.split(''/'')[0].split(''.'')[0].split('':'')[0] - == ''localhost'' : true' - - message: invalid image scope with wildcard, a wildcard can only - be at the start of the domain and is only supported for subdomain - matching, not path matching - rule: 'self.contains(''*'') ? self.matches(''^\\*(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+$'') - : true' - - message: invalid repository namespace or image specification in - the image scope - rule: '!self.contains(''*'') ? self.matches(''^((((?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9])(?:\\.(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9-]*[a-zA-Z0-9]))+(?::[0-9]+)?)|(localhost(?::[0-9]+)?))(?:(?:/[a-z0-9]+(?:(?:(?:[._]|__|[-]*)[a-z0-9]+)+)?)+)?)(?::([\\w][\\w.-]{0,127}))?(?:@([A-Za-z][A-Za-z0-9]*(?:[-_+.][A-Za-z][A-Za-z0-9]*)*[:][[:xdigit:]]{32,}))?$'') - : true' - maxItems: 256 - type: array - x-kubernetes-list-type: set - required: - - policy - - scopes - type: object - status: - description: status contains the observed state of the resource. - properties: - conditions: - description: conditions provide details on the status of this API - Resource. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather-CustomNoUpgrade.crd.yaml deleted file mode 100644 index 9ba551538ba..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather-CustomNoUpgrade.crd.yaml +++ /dev/null @@ -1,89 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1245 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: insightsdatagathers.config.openshift.io -spec: - group: config.openshift.io - names: - kind: InsightsDataGather - listKind: InsightsDataGatherList - plural: insightsdatagathers - singular: insightsdatagather - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "InsightsDataGather provides data gather configuration options - for the the Insights Operator. \n Compatibility level 4: No compatibility - is provided, the API can change at any point for any reason. These capabilities - should not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - gatherConfig: - description: gatherConfig spec attribute includes all the configuration - options related to gathering of the Insights data and its uploading - to the ingress. - properties: - dataPolicy: - description: dataPolicy allows user to enable additional global - obfuscation of the IP addresses and base domain in the Insights - archive data. Valid values are "None" and "ObfuscateNetworking". - When set to None the data is not obfuscated. When set to ObfuscateNetworking - the IP addresses and the cluster domain name are obfuscated. - When omitted, this means no opinion and the platform is left - to choose a reasonable default, which is subject to change over - time. The current default is None. - enum: - - "" - - None - - ObfuscateNetworking - type: string - disabledGatherers: - description: 'disabledGatherers is a list of gatherers to be excluded - from the gathering. All the gatherers can be disabled by providing - "all" value. If all the gatherers are disabled, the Insights - operator does not gather any data. The particular gatherers - IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. - Run the following command to get the names of last active gatherers: - "oc get insightsoperators.operator.openshift.io cluster -o json - | jq ''.status.gatherStatus.gatherers[].name''" An example of - disabling gatherers looks like this: `disabledGatherers: ["clusterconfig/machine_configs", - "workloads/workload_info"]`' - items: - type: string - type: array - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index a9f6bfa8701..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/0000_10_config-operator_01_insightsdatagather-TechPreviewNoUpgrade.crd.yaml +++ /dev/null @@ -1,89 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1245 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: insightsdatagathers.config.openshift.io -spec: - group: config.openshift.io - names: - kind: InsightsDataGather - listKind: InsightsDataGatherList - plural: insightsdatagathers - singular: insightsdatagather - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "InsightsDataGather provides data gather configuration options - for the the Insights Operator. \n Compatibility level 4: No compatibility - is provided, the API can change at any point for any reason. These capabilities - should not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - gatherConfig: - description: gatherConfig spec attribute includes all the configuration - options related to gathering of the Insights data and its uploading - to the ingress. - properties: - dataPolicy: - description: dataPolicy allows user to enable additional global - obfuscation of the IP addresses and base domain in the Insights - archive data. Valid values are "None" and "ObfuscateNetworking". - When set to None the data is not obfuscated. When set to ObfuscateNetworking - the IP addresses and the cluster domain name are obfuscated. - When omitted, this means no opinion and the platform is left - to choose a reasonable default, which is subject to change over - time. The current default is None. - enum: - - "" - - None - - ObfuscateNetworking - type: string - disabledGatherers: - description: 'disabledGatherers is a list of gatherers to be excluded - from the gathering. All the gatherers can be disabled by providing - "all" value. If all the gatherers are disabled, the Insights - operator does not gather any data. The particular gatherers - IDs can be found at https://github.com/openshift/insights-operator/blob/master/docs/gathered-data.md. - Run the following command to get the names of last active gatherers: - "oc get insightsoperators.operator.openshift.io cluster -o json - | jq ''.status.gatherStatus.gatherers[].name''" An example of - disabling gatherers looks like this: `disabledGatherers: ["clusterconfig/machine_configs", - "workloads/workload_info"]`' - items: - type: string - type: array - type: object - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/custom.backup.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/custom.backup.testsuite.yaml deleted file mode 100644 index cd567f70625..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/custom.backup.testsuite.yaml +++ /dev/null @@ -1,202 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Custom] Backup" -crd: 0000_10_config-operator_01_backup-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a Backup with a valid spec - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* 2 * * *" - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* 2 * * *" - pvcName: etcdbackup-pvc - - name: Should be able to create an EtcdBackup without the pvcName specified - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* 2 * * *" - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* 2 * * *" - - name: Should be able to create a Backup with a valid schedule - At 22:00 on every day-of-week from Monday through Friday - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "0 22 * * 1-5" - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "0 22 * * 1-5" - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid schedule - At 04:05 on Sunday. - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "5 4 * * SUN" - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "5 4 * * SUN" - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid schedule - Predefined hourly - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "@hourly" - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "@hourly" - pvcName: etcdbackup-pvc - - name: Should fail to create an EtcdBackup with an invalid schedule - At 04:05 on invalid day FOO. - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "5 4 * * FOO" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should fail to create an EtcdBackup with an invalid schedule - Predefined typo @hourli instead of @hourly. - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "@hourli" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should fail to create an EtcdBackup with an invalid schedule - Non standard L last Friday in month - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* * * * 5L" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should fail to create an EtcdBackup with an invalid schedule - Non standard L 5th day before last day of month - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* * L-5 * *" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should fail to create an EtcdBackup with an invalid schedule - Non standard W closest weekday to 15th of month - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* * 15W * *" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should be able to create a Backup with a valid time zone - Africa/Banjul - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Africa/Banjul - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Africa/Banjul - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid time zone - Etc/GMT-8 - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Etc/GMT-8 - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Etc/GMT-8 - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid time zone - Etc/UTC - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Etc/UTC - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Etc/UTC - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid time zone - America/Argentina/Catamarca - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: America/Argentina/Catamarca - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: America/Argentina/Catamarca - pvcName: etcdbackup-pvc - - name: Should fail to create an EtcdBackup with an invalid time zone - GMT2 - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: GMT2 - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.timeZone in body should match" - - name: Should fail to create an EtcdBackup with an invalid time zone - GMT+3 - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: GMT+3 - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.timeZone in body should match" - diff --git a/vendor/github.com/openshift/api/config/v1alpha1/custom.clusterimagepolicy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/custom.clusterimagepolicy.testsuite.yaml deleted file mode 100644 index 232bdf037b7..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/custom.clusterimagepolicy.testsuite.yaml +++ /dev/null @@ -1,451 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[CustomNoUpgrade] ClusterImagePolicy" -crd: 0000_10_config-operator_01_clusterimagepolicy-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImagePolicy with policyType PublicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Should be able to create a minimal ImagePolicy with policyType FulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - - name: Should not allow policyType PublicKey but not set publicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - FulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": publicKey is required when policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType FulcioCAData but not set fulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - PublicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow policyType set but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": publicKey is required when policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType set FulcioCAWith but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy ExactRepository but not set repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy RemapIdentity but not set prefixes - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise" - - name: Test scope should not allow 'busybox' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - busybox - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope format, scope must contain a fully qualified domain name or 'localhost'" - - name: Test scope should not allow start with subnamesapces '*.example.com/test' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - "*.example.com/test" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching" - - name: Test scope should not allow invalid digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:12dsdf - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid repository namespace or image specification in the image scope" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com/namespace/namespace:latest - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace:latest - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow digest in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in prefix/signedPrefix - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com/namespace:latest - signedPrefix: example.com/namespace - expectedError: "[spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should allow valid ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - - name: Test should allow valid signedIdentity prefix/signedPrefix - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - signedPrefix: mirror.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - signedPrefix: mirror.com - - name: Test scope should allow localhost name with port 'localhost:1234/namespace/namespace' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow localhost 'localhost/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow 'example.com/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow tag 'example.com/foo/bar:latest' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow full specification digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow '*.example.com' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - "*.example.com" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - "*.example.com" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== diff --git a/vendor/github.com/openshift/api/config/v1alpha1/custom.imagepolicy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/custom.imagepolicy.testsuite.yaml deleted file mode 100644 index 05b1487faa8..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/custom.imagepolicy.testsuite.yaml +++ /dev/null @@ -1,451 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[CustomNoUpgrade] ImagePolicy" -crd: 0000_10_config-operator_01_imagepolicy-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImagePolicy with policyType PublicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Should be able to create a minimal ImagePolicy with policyType FulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - - name: Should not allow policyType PublicKey but not set publicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - FulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": publicKey is required when policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType FulcioCAData but not set fulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - PublicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow policyType set but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": publicKey is required when policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType set FulcioCAWith but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy ExactRepository but not set repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy RemapIdentity but not set prefixes - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise" - - name: Test scope should not allow 'busybox' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - busybox - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope format, scope must contain a fully qualified domain name or 'localhost'" - - name: Test scope should not allow start with subnamesapces '*.example.com/test' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - "*.example.com/test" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching" - - name: Test scope should not allow invalid digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:12dsdf - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid repository namespace or image specification in the image scope" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com/namespace/namespace:latest - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace:latest - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow digest in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in prefix/signedPrefix - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com/namespace:latest - signedPrefix: example.com/namespace - expectedError: "[spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should allow valid ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - - name: Test should allow valid signedIdentity prefix/signedPrefix - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - signedPrefix: mirror.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - signedPrefix: mirror.com - - name: Test scope should allow localhost name with port 'localhost:1234/namespace/namespace' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow localhost 'localhost/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow 'example.com/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow tag 'example.com/foo/bar:latest' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow full specification digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow '*.example.com' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - "*.example.com" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - "*.example.com" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== diff --git a/vendor/github.com/openshift/api/config/v1alpha1/custom.insightsdatagather.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/custom.insightsdatagather.testsuite.yaml deleted file mode 100644 index 13c725e6a2a..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/custom.insightsdatagather.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Custom] InsightsDataGather" -crd: 0000_10_config-operator_01_insightsdatagather-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal InsightsDataGather - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: InsightsDataGather - spec: {} # No spec is required for a InsightsDataGather - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: InsightsDataGather - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.backup.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/techpreview.backup.testsuite.yaml deleted file mode 100644 index 91836dd93e3..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.backup.testsuite.yaml +++ /dev/null @@ -1,202 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreview] Backup" -crd: 0000_10_config-operator_01_backup-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a Backup with a valid spec - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* 2 * * *" - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* 2 * * *" - pvcName: etcdbackup-pvc - - name: Should be able to create an EtcdBackup without the pvcName specified - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* 2 * * *" - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* 2 * * *" - - name: Should be able to create a Backup with a valid schedule - At 22:00 on every day-of-week from Monday through Friday - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "0 22 * * 1-5" - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "0 22 * * 1-5" - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid schedule - At 04:05 on Sunday. - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "5 4 * * SUN" - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "5 4 * * SUN" - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid schedule - Predefined hourly - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "@hourly" - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "@hourly" - pvcName: etcdbackup-pvc - - name: Should fail to create an EtcdBackup with an invalid schedule - At 04:05 on invalid day FOO. - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "5 4 * * FOO" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should fail to create an EtcdBackup with an invalid schedule - Predefined typo @hourli instead of @hourly. - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "@hourli" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should fail to create an EtcdBackup with an invalid schedule - Non standard L last Friday in month - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* * * * 5L" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should fail to create an EtcdBackup with an invalid schedule - Non standard L 5th day before last day of month - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* * L-5 * *" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should fail to create an EtcdBackup with an invalid schedule - Non standard W closest weekday to 15th of month - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - schedule: "* * 15W * *" - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.schedule in body should match" - - name: Should be able to create a Backup with a valid time zone - Africa/Banjul - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Africa/Banjul - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Africa/Banjul - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid time zone - Etc/GMT-8 - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Etc/GMT-8 - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Etc/GMT-8 - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid time zone - Etc/UTC - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Etc/UTC - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: Etc/UTC - pvcName: etcdbackup-pvc - - name: Should be able to create a Backup with a valid time zone - America/Argentina/Catamarca - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: America/Argentina/Catamarca - pvcName: etcdbackup-pvc - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: America/Argentina/Catamarca - pvcName: etcdbackup-pvc - - name: Should fail to create an EtcdBackup with an invalid time zone - GMT2 - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: GMT2 - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.timeZone in body should match" - - name: Should fail to create an EtcdBackup with an invalid time zone - GMT+3 - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: Backup - spec: - etcd: - timeZone: GMT+3 - pvcName: etcdbackup-pvc - expectedError: "spec.etcd.timeZone in body should match" - diff --git a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.clusterimagepolicy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/techpreview.clusterimagepolicy.testsuite.yaml deleted file mode 100644 index 62531066749..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.clusterimagepolicy.testsuite.yaml +++ /dev/null @@ -1,451 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreviewNoUpgrade] ClusterImagePolicy" -crd: 0000_10_config-operator_01_clusterimagepolicy-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImagePolicy with policyType PublicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Should be able to create a minimal ImagePolicy with policyType FulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - - name: Should not allow policyType PublicKey but not set publicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - FulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": publicKey is required when policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType FulcioCAData but not set fulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - PublicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow policyType set but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": publicKey is required when policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType set FulcioCAWith but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy ExactRepository but not set repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy RemapIdentity but not set prefixes - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise" - - name: Test scope should not allow 'busybox' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - busybox - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope format, scope must contain a fully qualified domain name or 'localhost'" - - name: Test scope should not allow start with subnamesapces '*.example.com/test' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - "*.example.com/test" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching" - - name: Test scope should not allow invalid digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:12dsdf - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid repository namespace or image specification in the image scope" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com/namespace/namespace:latest - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace:latest - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow digest in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in prefix/signedPrefix - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com/namespace:latest - signedPrefix: example.com/namespace - expectedError: "[spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should allow valid ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - - name: Test should allow valid signedIdentity prefix/signedPrefix - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - signedPrefix: mirror.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - signedPrefix: mirror.com - - name: Test scope should allow localhost name with port 'localhost:1234/namespace/namespace' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow localhost 'localhost/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow 'example.com/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow tag 'example.com/foo/bar:latest' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow full specification digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow '*.example.com' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - "*.example.com" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ClusterImagePolicy - spec: - scopes: - - "*.example.com" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== diff --git a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.imagepolicy.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/techpreview.imagepolicy.testsuite.yaml deleted file mode 100644 index b469d4c5231..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.imagepolicy.testsuite.yaml +++ /dev/null @@ -1,451 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreviewNoUpgrade] ImagePolicy" -crd: 0000_10_config-operator_01_imagepolicy-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImagePolicy with policyType PublicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Should be able to create a minimal ImagePolicy with policyType FulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - fulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - - name: Should not allow policyType PublicKey but not set publicKey - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - FulcioCAWithRekor: - fulcioCAData: Zm9vIGJhcg== - rekorKeyData: Zm9vIGJhcg== - fulcioSubject: - oidcIssuer: https://oidc.localhost - signedEmail: test-user@example.com - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": publicKey is required when policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType FulcioCAData but not set fulcioCAWithRekor - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - PublicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow policyType set but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": publicKey is required when policyType is PublicKey, and forbidden otherwise" - - name: Should not allow policyType set FulcioCAWith but not set corresponding policy - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: FulcioCAWithRekor - expectedError: "spec.policy.rootOfTrust: Invalid value: \"object\": fulcioCAWithRekor is required when policyType is FulcioCAWithRekor, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy ExactRepository but not set repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": exactRepository is required when matchPolicy is ExactRepository, and forbidden otherwise" - - name: Should not allow signedIdentity matchPolicy RemapIdentity but not set prefixes - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - expectedError: "spec.policy.signedIdentity: Invalid value: \"object\": remapIdentity is required when matchPolicy is RemapIdentity, and forbidden otherwise" - - name: Test scope should not allow 'busybox' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - busybox - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope format, scope must contain a fully qualified domain name or 'localhost'" - - name: Test scope should not allow start with subnamesapces '*.example.com/test' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - "*.example.com/test" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid image scope with wildcard, a wildcard can only be at the start of the domain and is only supported for subdomain matching, not path matching" - - name: Test scope should not allow invalid digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:12dsdf - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expectedError: "spec.scopes[0]: Invalid value: \"string\": invalid repository namespace or image specification in the image scope" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com/namespace/namespace:latest - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace:latest - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow digest in ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: localhost:1234/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - expectedError: "[spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.exactRepository.repository: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should not allow tag in prefix/signedPrefix - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com/namespace:latest - signedPrefix: example.com/namespace - expectedError: "[spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity, should not include the tag or digest, spec.policy.signedIdentity.remapIdentity.prefix: Invalid value: \"string\": invalid repository or prefix in the signedIdentity]" - - name: Test should allow valid ExactRepository repository - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: ExactRepository - exactRepository: - repository: example.com - - name: Test should allow valid signedIdentity prefix/signedPrefix - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - signedPrefix: mirror.com - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - signedIdentity: - matchPolicy: RemapIdentity - remapIdentity: - prefix: example.com - signedPrefix: mirror.com - - name: Test scope should allow localhost name with port 'localhost:1234/namespace/namespace' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - localhost:1234/namespace/namespace - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow localhost 'localhost/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - localhost/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow 'example.com/foo/bar' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow tag 'example.com/foo/bar:latest' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/foo/bar:latest - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow full specification digest - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - example.com/namespace/namespace@sha256:b7e686e30346e9ace664fa09c0275262f8b9a443ed56d22165a0e201f6488c13 - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - - name: Test scope should allow '*.example.com' - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - "*.example.com" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: ImagePolicy - spec: - scopes: - - "*.example.com" - policy: - rootOfTrust: - policyType: PublicKey - publicKey: - keyData: Zm9vIGJhcg== diff --git a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.insightsdatagather.testsuite.yaml b/vendor/github.com/openshift/api/config/v1alpha1/techpreview.insightsdatagather.testsuite.yaml deleted file mode 100644 index 90a1cede82a..00000000000 --- a/vendor/github.com/openshift/api/config/v1alpha1/techpreview.insightsdatagather.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreview] InsightsDataGather" -crd: 0000_10_config-operator_01_insightsdatagather-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal InsightsDataGather - initial: | - apiVersion: config.openshift.io/v1alpha1 - kind: InsightsDataGather - spec: {} # No spec is required for a InsightsDataGather - expected: | - apiVersion: config.openshift.io/v1alpha1 - kind: InsightsDataGather - spec: {} diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go b/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go index 016f08003a5..65eb5c1f759 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_backup.go @@ -13,7 +13,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +kubebuilder:resource:path=backups,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1482 -// +openshift:file-pattern=0000_10_config-operator_01_backupMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +openshift:enable:FeatureGate=AutomatedEtcdBackup // +openshift:compatibility-gen:level=4 type Backup struct { diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go index 8568da59bd8..c503fdeab6e 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go @@ -13,7 +13,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +kubebuilder:resource:path=clusterimagepolicies,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1457 -// +openshift:file-pattern=0000_10_config-operator_01_clusterimagepolicyMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +openshift:enable:FeatureGate=ImagePolicy // +openshift:compatibility-gen:level=4 type ClusterImagePolicy struct { diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go index ba7feaef638..247bab21849 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go @@ -12,7 +12,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +kubebuilder:resource:path=imagepolicies,scope=Namespaced // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1457 -// +openshift:file-pattern=0000_10_config-operator_01_imagepolicyMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +openshift:enable:FeatureGate=ImagePolicy // +openshift:compatibility-gen:level=4 type ImagePolicy struct { diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go b/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go index 72af855e23b..171e96d5b80 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_insights.go @@ -13,7 +13,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +kubebuilder:resource:path=insightsdatagathers,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1245 -// +openshift:file-pattern=0000_10_config-operator_01_insightsdatagatherMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +openshift:enable:FeatureGate=InsightsConfig // +openshift:compatibility-gen:level=4 type InsightsDataGather struct { diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index 8a35278f524..9b5744d4a0e 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -6,6 +6,9 @@ backups.config.openshift.io: Category: "" FeatureGates: - AutomatedEtcdBackup + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: Backup @@ -14,7 +17,6 @@ backups.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_backupMARKERS.crd.yaml TopLevelFeatureGates: - AutomatedEtcdBackup Version: v1alpha1 @@ -27,6 +29,9 @@ clusterimagepolicies.config.openshift.io: Category: "" FeatureGates: - ImagePolicy + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: ClusterImagePolicy @@ -35,7 +40,6 @@ clusterimagepolicies.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_clusterimagepolicyMARKERS.crd.yaml TopLevelFeatureGates: - ImagePolicy Version: v1alpha1 @@ -48,6 +52,9 @@ imagepolicies.config.openshift.io: Category: "" FeatureGates: - ImagePolicy + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: ImagePolicy @@ -56,7 +63,6 @@ imagepolicies.config.openshift.io: PrinterColumns: [] Scope: Namespaced ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_imagepolicyMARKERS.crd.yaml TopLevelFeatureGates: - ImagePolicy Version: v1alpha1 @@ -69,6 +75,9 @@ insightsdatagathers.config.openshift.io: Category: "" FeatureGates: - InsightsConfig + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: config.openshift.io HasStatus: true KindName: InsightsDataGather @@ -77,7 +86,6 @@ insightsdatagathers.config.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_insightsdatagatherMARKERS.crd.yaml TopLevelFeatureGates: - InsightsConfig Version: v1alpha1 diff --git a/vendor/github.com/openshift/api/config/v1/feature_gates.go b/vendor/github.com/openshift/api/features/features.go similarity index 57% rename from vendor/github.com/openshift/api/config/v1/feature_gates.go rename to vendor/github.com/openshift/api/features/features.go index cd667527aec..2bfe032bb03 100644 --- a/vendor/github.com/openshift/api/config/v1/feature_gates.go +++ b/vendor/github.com/openshift/api/features/features.go @@ -1,148 +1,12 @@ -package v1 - -import "fmt" - -// FeatureGateDescription is a golang-only interface used to contains details for a feature gate. -type FeatureGateDescription struct { - // FeatureGateAttributes is the information that appears in the API - FeatureGateAttributes FeatureGateAttributes - - // OwningJiraComponent is the jira component that owns most of the impl and first assignment for the bug. - // This is the team that owns the feature long term. - OwningJiraComponent string - // ResponsiblePerson is the person who is on the hook for first contact. This is often, but not always, a team lead. - // It is someone who can make the promise on the behalf of the team. - ResponsiblePerson string - // OwningProduct is the product that owns the lifecycle of the gate. - OwningProduct OwningProduct -} +package features -type ClusterProfileName string +import ( + "fmt" -var ( - Hypershift = ClusterProfileName("include.release.openshift.io/ibm-cloud-managed") - SelfManaged = ClusterProfileName("include.release.openshift.io/self-managed-high-availability") - SingleNode = ClusterProfileName("include.release.openshift.io/single-node-developer") - AllClusterProfiles = []ClusterProfileName{Hypershift, SelfManaged, SingleNode} + configv1 "github.com/openshift/api/config/v1" ) -type OwningProduct string - -var ( - ocpSpecific = OwningProduct("OCP") - kubernetes = OwningProduct("Kubernetes") -) - -type featureGateBuilder struct { - name string - owningJiraComponent string - responsiblePerson string - owningProduct OwningProduct - - statusByClusterProfileByFeatureSet map[ClusterProfileName]map[FeatureSet]bool -} - -// newFeatureGate featuregate are disabled in every FeatureSet and selectively enabled -func newFeatureGate(name string) *featureGateBuilder { - b := &featureGateBuilder{ - name: name, - statusByClusterProfileByFeatureSet: map[ClusterProfileName]map[FeatureSet]bool{}, - } - for _, clusterProfile := range AllClusterProfiles { - byFeatureSet := map[FeatureSet]bool{} - for _, featureSet := range AllFixedFeatureSets { - byFeatureSet[featureSet] = false - } - b.statusByClusterProfileByFeatureSet[clusterProfile] = byFeatureSet - } - return b -} - -func (b *featureGateBuilder) reportProblemsToJiraComponent(owningJiraComponent string) *featureGateBuilder { - b.owningJiraComponent = owningJiraComponent - return b -} - -func (b *featureGateBuilder) contactPerson(responsiblePerson string) *featureGateBuilder { - b.responsiblePerson = responsiblePerson - return b -} - -func (b *featureGateBuilder) productScope(owningProduct OwningProduct) *featureGateBuilder { - b.owningProduct = owningProduct - return b -} - -func (b *featureGateBuilder) enableIn(featureSets ...FeatureSet) *featureGateBuilder { - for clusterProfile := range b.statusByClusterProfileByFeatureSet { - for _, featureSet := range featureSets { - b.statusByClusterProfileByFeatureSet[clusterProfile][featureSet] = true - } - } - return b -} - -func (b *featureGateBuilder) enableForClusterProfile(clusterProfile ClusterProfileName, featureSets ...FeatureSet) *featureGateBuilder { - for _, featureSet := range featureSets { - b.statusByClusterProfileByFeatureSet[clusterProfile][featureSet] = true - } - return b -} - -func (b *featureGateBuilder) register() (FeatureGateName, error) { - if len(b.name) == 0 { - return "", fmt.Errorf("missing name") - } - if len(b.owningJiraComponent) == 0 { - return "", fmt.Errorf("missing owningJiraComponent") - } - if len(b.responsiblePerson) == 0 { - return "", fmt.Errorf("missing responsiblePerson") - } - if len(b.owningProduct) == 0 { - return "", fmt.Errorf("missing owningProduct") - } - - featureGateName := FeatureGateName(b.name) - description := FeatureGateDescription{ - FeatureGateAttributes: FeatureGateAttributes{ - Name: featureGateName, - }, - OwningJiraComponent: b.owningJiraComponent, - ResponsiblePerson: b.responsiblePerson, - OwningProduct: b.owningProduct, - } - - // statusByClusterProfileByFeatureSet is initialized by constructor to be false for every combination - for clusterProfile, byFeatureSet := range b.statusByClusterProfileByFeatureSet { - for featureSet, enabled := range byFeatureSet { - if _, ok := allFeatureGates[clusterProfile]; !ok { - allFeatureGates[clusterProfile] = map[FeatureSet]*FeatureGateEnabledDisabled{} - } - if _, ok := allFeatureGates[clusterProfile][featureSet]; !ok { - allFeatureGates[clusterProfile][featureSet] = &FeatureGateEnabledDisabled{} - } - - if enabled { - allFeatureGates[clusterProfile][featureSet].Enabled = append(allFeatureGates[clusterProfile][featureSet].Enabled, description) - } else { - allFeatureGates[clusterProfile][featureSet].Disabled = append(allFeatureGates[clusterProfile][featureSet].Disabled, description) - } - } - } - - return featureGateName, nil -} - -func (b *featureGateBuilder) mustRegister() FeatureGateName { - ret, err := b.register() - if err != nil { - panic(err) - } - return ret -} - -func FeatureSets(clusterProfile ClusterProfileName, featureSet FeatureSet) (*FeatureGateEnabledDisabled, error) { +func FeatureSets(clusterProfile ClusterProfileName, featureSet configv1.FeatureSet) (*FeatureGateEnabledDisabled, error) { byFeatureSet, ok := allFeatureGates[clusterProfile] if !ok { return nil, fmt.Errorf("no information found for ClusterProfile=%q", clusterProfile) @@ -154,11 +18,11 @@ func FeatureSets(clusterProfile ClusterProfileName, featureSet FeatureSet) (*Fea return featureGates.DeepCopy(), nil } -func AllFeatureSets() map[ClusterProfileName]map[FeatureSet]*FeatureGateEnabledDisabled { - ret := map[ClusterProfileName]map[FeatureSet]*FeatureGateEnabledDisabled{} +func AllFeatureSets() map[ClusterProfileName]map[configv1.FeatureSet]*FeatureGateEnabledDisabled { + ret := map[ClusterProfileName]map[configv1.FeatureSet]*FeatureGateEnabledDisabled{} for clusterProfile, byFeatureSet := range allFeatureGates { - newByFeatureSet := map[FeatureSet]*FeatureGateEnabledDisabled{} + newByFeatureSet := map[configv1.FeatureSet]*FeatureGateEnabledDisabled{} for featureSet, enabledDisabled := range byFeatureSet { newByFeatureSet[featureSet] = enabledDisabled.DeepCopy() @@ -170,111 +34,132 @@ func AllFeatureSets() map[ClusterProfileName]map[FeatureSet]*FeatureGateEnabledD } var ( - allFeatureGates = map[ClusterProfileName]map[FeatureSet]*FeatureGateEnabledDisabled{} + allFeatureGates = map[ClusterProfileName]map[configv1.FeatureSet]*FeatureGateEnabledDisabled{} + + FeatureGateServiceAccountTokenNodeBindingValidation = newFeatureGate("ServiceAccountTokenNodeBindingValidation"). + reportProblemsToJiraComponent("apiserver-auth"). + contactPerson("stlaz"). + productScope(kubernetes). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateServiceAccountTokenNodeBinding = newFeatureGate("ServiceAccountTokenNodeBinding"). + reportProblemsToJiraComponent("apiserver-auth"). + contactPerson("stlaz"). + productScope(kubernetes). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateServiceAccountTokenPodNodeInfo = newFeatureGate("ServiceAccountTokenPodNodeInfo"). + reportProblemsToJiraComponent("apiserver-auth"). + contactPerson("stlaz"). + productScope(kubernetes). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() FeatureGateValidatingAdmissionPolicy = newFeatureGate("ValidatingAdmissionPolicy"). reportProblemsToJiraComponent("kube-apiserver"). contactPerson("benluddy"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateGatewayAPI = newFeatureGate("GatewayAPI"). reportProblemsToJiraComponent("Routing"). contactPerson("miciah"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateOpenShiftPodSecurityAdmission = newFeatureGate("OpenShiftPodSecurityAdmission"). reportProblemsToJiraComponent("auth"). contactPerson("stlaz"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateExternalCloudProvider = newFeatureGate("ExternalCloudProvider"). reportProblemsToJiraComponent("cloud-provider"). contactPerson("jspeed"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateExternalCloudProviderAzure = newFeatureGate("ExternalCloudProviderAzure"). reportProblemsToJiraComponent("cloud-provider"). contactPerson("jspeed"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateExternalCloudProviderGCP = newFeatureGate("ExternalCloudProviderGCP"). reportProblemsToJiraComponent("cloud-provider"). contactPerson("jspeed"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateExternalCloudProviderExternal = newFeatureGate("ExternalCloudProviderExternal"). reportProblemsToJiraComponent("cloud-provider"). contactPerson("elmiko"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateCSIDriverSharedResource = newFeatureGate("CSIDriverSharedResource"). reportProblemsToJiraComponent("builds"). contactPerson("adkaplan"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateBuildCSIVolumes = newFeatureGate("BuildCSIVolumes"). reportProblemsToJiraComponent("builds"). contactPerson("adkaplan"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateNodeSwap = newFeatureGate("NodeSwap"). reportProblemsToJiraComponent("node"). contactPerson("ehashman"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateMachineAPIProviderOpenStack = newFeatureGate("MachineAPIProviderOpenStack"). reportProblemsToJiraComponent("openstack"). contactPerson("egarcia"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateInsightsConfigAPI = newFeatureGate("InsightsConfigAPI"). reportProblemsToJiraComponent("insights"). contactPerson("tremes"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateDynamicResourceAllocation = newFeatureGate("DynamicResourceAllocation"). reportProblemsToJiraComponent("scheduling"). contactPerson("jchaloup"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateAzureWorkloadIdentity = newFeatureGate("AzureWorkloadIdentity"). reportProblemsToJiraComponent("cloud-credential-operator"). contactPerson("abutcher"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateMaxUnavailableStatefulSet = newFeatureGate("MaxUnavailableStatefulSet"). reportProblemsToJiraComponent("apps"). contactPerson("atiratree"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateEventedPLEG = newFeatureGate("EventedPLEG"). @@ -287,77 +172,84 @@ var ( reportProblemsToJiraComponent("Routing"). contactPerson("miciah"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateSigstoreImageVerification = newFeatureGate("SigstoreImageVerification"). reportProblemsToJiraComponent("node"). contactPerson("sgrunert"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateGCPLabelsTags = newFeatureGate("GCPLabelsTags"). reportProblemsToJiraComponent("Installer"). contactPerson("bhb"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateAlibabaPlatform = newFeatureGate("AlibabaPlatform"). reportProblemsToJiraComponent("cloud-provider"). contactPerson("jspeed"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateCloudDualStackNodeIPs = newFeatureGate("CloudDualStackNodeIPs"). reportProblemsToJiraComponent("machine-config-operator/platform-baremetal"). contactPerson("mkowalsk"). productScope(kubernetes). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateVSphereStaticIPs = newFeatureGate("VSphereStaticIPs"). reportProblemsToJiraComponent("splat"). contactPerson("rvanderp3"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateRouteExternalCertificate = newFeatureGate("RouteExternalCertificate"). reportProblemsToJiraComponent("router"). contactPerson("thejasn"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateAdminNetworkPolicy = newFeatureGate("AdminNetworkPolicy"). reportProblemsToJiraComponent("Networking/ovn-kubernetes"). contactPerson("tssurya"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateNetworkLiveMigration = newFeatureGate("NetworkLiveMigration"). reportProblemsToJiraComponent("Networking/ovn-kubernetes"). contactPerson("pliu"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() + FeatureGateNetworkDiagnosticsConfig = newFeatureGate("NetworkDiagnosticsConfig"). + reportProblemsToJiraComponent("Networking/cluster-network-operator"). + contactPerson("kyrtapz"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + FeatureGateHardwareSpeed = newFeatureGate("HardwareSpeed"). reportProblemsToJiraComponent("etcd"). contactPerson("hasbro17"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateAutomatedEtcdBackup = newFeatureGate("AutomatedEtcdBackup"). reportProblemsToJiraComponent("etcd"). contactPerson("hasbro17"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateMachineAPIOperatorDisableMachineHealthCheckController = newFeatureGate("MachineAPIOperatorDisableMachineHealthCheckController"). @@ -370,21 +262,21 @@ var ( reportProblemsToJiraComponent("dns"). contactPerson("miciah"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateVSphereControlPlaneMachineset = newFeatureGate("VSphereControlPlaneMachineSet"). reportProblemsToJiraComponent("splat"). contactPerson("rvanderp3"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateMachineConfigNodes = newFeatureGate("MachineConfigNodes"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("cdoern"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateClusterAPIInstall = newFeatureGate("ClusterAPIInstall"). @@ -397,153 +289,223 @@ var ( reportProblemsToJiraComponent("Monitoring"). contactPerson("slashpai"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateInstallAlternateInfrastructureAWS = newFeatureGate("InstallAlternateInfrastructureAWS"). reportProblemsToJiraComponent("Installer"). contactPerson("padillon"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateGCPClusterHostedDNS = newFeatureGate("GCPClusterHostedDNS"). reportProblemsToJiraComponent("Installer"). contactPerson("barbacbd"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateMixedCPUsAllocation = newFeatureGate("MixedCPUsAllocation"). reportProblemsToJiraComponent("NodeTuningOperator"). contactPerson("titzhak"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateManagedBootImages = newFeatureGate("ManagedBootImages"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("djoshy"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateDisableKubeletCloudCredentialProviders = newFeatureGate("DisableKubeletCloudCredentialProviders"). reportProblemsToJiraComponent("cloud-provider"). contactPerson("jspeed"). productScope(kubernetes). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateOnClusterBuild = newFeatureGate("OnClusterBuild"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("dkhater"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateSignatureStores = newFeatureGate("SignatureStores"). reportProblemsToJiraComponent("Cluster Version Operator"). contactPerson("lmohanty"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateKMSv1 = newFeatureGate("KMSv1"). reportProblemsToJiraComponent("kube-apiserver"). contactPerson("dgrisonnet"). productScope(kubernetes). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGatePinnedImages = newFeatureGate("PinnedImages"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("jhernand"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateUpgradeStatus = newFeatureGate("UpgradeStatus"). reportProblemsToJiraComponent("Cluster Version Operator"). contactPerson("pmuller"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateTranslateStreamCloseWebsocketRequests = newFeatureGate("TranslateStreamCloseWebsocketRequests"). reportProblemsToJiraComponent("kube-apiserver"). contactPerson("akashem"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateVolumeGroupSnapshot = newFeatureGate("VolumeGroupSnapshot"). reportProblemsToJiraComponent("Storage / Kubernetes External Components"). contactPerson("fbertina"). productScope(kubernetes). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateExternalOIDC = newFeatureGate("ExternalOIDC"). reportProblemsToJiraComponent("authentication"). contactPerson("stlaz"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). - enableForClusterProfile(Hypershift, Default, TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + enableForClusterProfile(Hypershift, configv1.Default, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateExample = newFeatureGate("Example"). reportProblemsToJiraComponent("cluster-config"). contactPerson("deads"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGatePlatformOperators = newFeatureGate("PlatformOperators"). reportProblemsToJiraComponent("olm"). contactPerson("joe"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() + FeatureGateNewOLM = newFeatureGate("NewOLM"). + reportProblemsToJiraComponent("olm"). + contactPerson("joe"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + FeatureGateExternalRouteCertificate = newFeatureGate("ExternalRouteCertificate"). reportProblemsToJiraComponent("network-edge"). contactPerson("miciah"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateInsightsOnDemandDataGather = newFeatureGate("InsightsOnDemandDataGather"). reportProblemsToJiraComponent("insights"). contactPerson("tremes"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() - FeatureGateAlertingRules = newFeatureGate("AlertingRules"). - reportProblemsToJiraComponent("Monitoring"). - contactPerson("simon"). - productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). - mustRegister() - FeatureGateBareMetalLoadBalancer = newFeatureGate("BareMetalLoadBalancer"). reportProblemsToJiraComponent("metal"). contactPerson("EmilienM"). productScope(ocpSpecific). - enableIn(Default, TechPreviewNoUpgrade). + enableIn(configv1.Default, configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateInsightsConfig = newFeatureGate("InsightsConfig"). reportProblemsToJiraComponent("insights"). contactPerson("tremes"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateImagePolicy = newFeatureGate("ImagePolicy"). reportProblemsToJiraComponent("node"). contactPerson("rphillips"). productScope(ocpSpecific). - enableIn(TechPreviewNoUpgrade). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() + + FeatureGateNodeDisruptionPolicy = newFeatureGate("NodeDisruptionPolicy"). + reportProblemsToJiraComponent("MachineConfigOperator"). + contactPerson("jerzhang"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateMetricsCollectionProfiles = newFeatureGate("MetricsCollectionProfiles"). + reportProblemsToJiraComponent("Monitoring"). + contactPerson("rexagod"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateVSphereDriverConfiguration = newFeatureGate("VSphereDriverConfiguration"). + reportProblemsToJiraComponent("Storage / Kubernetes External Components"). + contactPerson("rbednar"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() + + FeatureGateClusterAPIInstallAWS = newFeatureGate("ClusterAPIInstallAWS"). + reportProblemsToJiraComponent("Installer"). + contactPerson("r4f4"). + productScope(ocpSpecific). + mustRegister() + + FeatureGateClusterAPIInstallAzure = newFeatureGate("ClusterAPIInstallAzure"). + reportProblemsToJiraComponent("Installer"). + contactPerson("jhixson74"). + productScope(ocpSpecific). + mustRegister() + + FeatureGateClusterAPIInstallGCP = newFeatureGate("ClusterAPIInstallGCP"). + reportProblemsToJiraComponent("Installer"). + contactPerson("bfournie"). + productScope(ocpSpecific). + mustRegister() + + FeatureGateClusterAPIInstallIBMCloud = newFeatureGate("ClusterAPIInstallIBMCloud"). + reportProblemsToJiraComponent("Installer"). + contactPerson("cjschaef"). + productScope(ocpSpecific). + mustRegister() + + FeatureGateClusterAPIInstallNutanix = newFeatureGate("ClusterAPIInstallNutanix"). + reportProblemsToJiraComponent("Installer"). + contactPerson("yanhua121"). + productScope(ocpSpecific). + mustRegister() + + FeatureGateClusterAPIInstallOpenStack = newFeatureGate("ClusterAPIInstallOpenStack"). + reportProblemsToJiraComponent("Installer"). + contactPerson("stephenfin"). + productScope(ocpSpecific). + mustRegister() + + FeatureGateClusterAPIInstallPowerVS = newFeatureGate("ClusterAPIInstallPowerVS"). + reportProblemsToJiraComponent("Installer"). + contactPerson("mjturek"). + productScope(ocpSpecific). + mustRegister() + + FeatureGateClusterAPIInstallVSphere = newFeatureGate("ClusterAPIInstallVSphere"). + reportProblemsToJiraComponent("Installer"). + contactPerson("rvanderp3"). + productScope(ocpSpecific). + mustRegister() ) diff --git a/vendor/github.com/openshift/api/features/util.go b/vendor/github.com/openshift/api/features/util.go new file mode 100644 index 00000000000..d8d8e94a0e9 --- /dev/null +++ b/vendor/github.com/openshift/api/features/util.go @@ -0,0 +1,193 @@ +package features + +import ( + "fmt" + configv1 "github.com/openshift/api/config/v1" +) + +// FeatureGateDescription is a golang-only interface used to contains details for a feature gate. +type FeatureGateDescription struct { + // FeatureGateAttributes is the information that appears in the API + FeatureGateAttributes configv1.FeatureGateAttributes + + // OwningJiraComponent is the jira component that owns most of the impl and first assignment for the bug. + // This is the team that owns the feature long term. + OwningJiraComponent string + // ResponsiblePerson is the person who is on the hook for first contact. This is often, but not always, a team lead. + // It is someone who can make the promise on the behalf of the team. + ResponsiblePerson string + // OwningProduct is the product that owns the lifecycle of the gate. + OwningProduct OwningProduct +} + +type FeatureGateEnabledDisabled struct { + Enabled []FeatureGateDescription + Disabled []FeatureGateDescription +} + +type ClusterProfileName string + +var ( + Hypershift = ClusterProfileName("include.release.openshift.io/ibm-cloud-managed") + SelfManaged = ClusterProfileName("include.release.openshift.io/self-managed-high-availability") + AllClusterProfiles = []ClusterProfileName{Hypershift, SelfManaged} +) + +type OwningProduct string + +var ( + ocpSpecific = OwningProduct("OCP") + kubernetes = OwningProduct("Kubernetes") +) + +type featureGateBuilder struct { + name string + owningJiraComponent string + responsiblePerson string + owningProduct OwningProduct + + statusByClusterProfileByFeatureSet map[ClusterProfileName]map[configv1.FeatureSet]bool +} + +// newFeatureGate featuregate are disabled in every FeatureSet and selectively enabled +func newFeatureGate(name string) *featureGateBuilder { + b := &featureGateBuilder{ + name: name, + statusByClusterProfileByFeatureSet: map[ClusterProfileName]map[configv1.FeatureSet]bool{}, + } + for _, clusterProfile := range AllClusterProfiles { + byFeatureSet := map[configv1.FeatureSet]bool{} + for _, featureSet := range configv1.AllFixedFeatureSets { + byFeatureSet[featureSet] = false + } + b.statusByClusterProfileByFeatureSet[clusterProfile] = byFeatureSet + } + return b +} + +func (b *featureGateBuilder) reportProblemsToJiraComponent(owningJiraComponent string) *featureGateBuilder { + b.owningJiraComponent = owningJiraComponent + return b +} + +func (b *featureGateBuilder) contactPerson(responsiblePerson string) *featureGateBuilder { + b.responsiblePerson = responsiblePerson + return b +} + +func (b *featureGateBuilder) productScope(owningProduct OwningProduct) *featureGateBuilder { + b.owningProduct = owningProduct + return b +} + +func (b *featureGateBuilder) enableIn(featureSets ...configv1.FeatureSet) *featureGateBuilder { + for clusterProfile := range b.statusByClusterProfileByFeatureSet { + for _, featureSet := range featureSets { + b.statusByClusterProfileByFeatureSet[clusterProfile][featureSet] = true + } + } + return b +} + +func (b *featureGateBuilder) enableForClusterProfile(clusterProfile ClusterProfileName, featureSets ...configv1.FeatureSet) *featureGateBuilder { + for _, featureSet := range featureSets { + b.statusByClusterProfileByFeatureSet[clusterProfile][featureSet] = true + } + return b +} + +func (b *featureGateBuilder) register() (configv1.FeatureGateName, error) { + if len(b.name) == 0 { + return "", fmt.Errorf("missing name") + } + if len(b.owningJiraComponent) == 0 { + return "", fmt.Errorf("missing owningJiraComponent") + } + if len(b.responsiblePerson) == 0 { + return "", fmt.Errorf("missing responsiblePerson") + } + if len(b.owningProduct) == 0 { + return "", fmt.Errorf("missing owningProduct") + } + + featureGateName := configv1.FeatureGateName(b.name) + description := FeatureGateDescription{ + FeatureGateAttributes: configv1.FeatureGateAttributes{ + Name: featureGateName, + }, + OwningJiraComponent: b.owningJiraComponent, + ResponsiblePerson: b.responsiblePerson, + OwningProduct: b.owningProduct, + } + + // statusByClusterProfileByFeatureSet is initialized by constructor to be false for every combination + for clusterProfile, byFeatureSet := range b.statusByClusterProfileByFeatureSet { + for featureSet, enabled := range byFeatureSet { + if _, ok := allFeatureGates[clusterProfile]; !ok { + allFeatureGates[clusterProfile] = map[configv1.FeatureSet]*FeatureGateEnabledDisabled{} + } + if _, ok := allFeatureGates[clusterProfile][featureSet]; !ok { + allFeatureGates[clusterProfile][featureSet] = &FeatureGateEnabledDisabled{} + } + + if enabled { + allFeatureGates[clusterProfile][featureSet].Enabled = append(allFeatureGates[clusterProfile][featureSet].Enabled, description) + } else { + allFeatureGates[clusterProfile][featureSet].Disabled = append(allFeatureGates[clusterProfile][featureSet].Disabled, description) + } + } + } + + return featureGateName, nil +} + +func (b *featureGateBuilder) mustRegister() configv1.FeatureGateName { + ret, err := b.register() + if err != nil { + panic(err) + } + return ret +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureGateEnabledDisabled) DeepCopyInto(out *FeatureGateEnabledDisabled) { + *out = *in + if in.Enabled != nil { + in, out := &in.Enabled, &out.Enabled + *out = make([]FeatureGateDescription, len(*in)) + copy(*out, *in) + } + if in.Disabled != nil { + in, out := &in.Disabled, &out.Disabled + *out = make([]FeatureGateDescription, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateEnabledDisabled. +func (in *FeatureGateEnabledDisabled) DeepCopy() *FeatureGateEnabledDisabled { + if in == nil { + return nil + } + out := new(FeatureGateEnabledDisabled) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *FeatureGateDescription) DeepCopyInto(out *FeatureGateDescription) { + *out = *in + out.FeatureGateAttributes = in.FeatureGateAttributes + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FeatureGateDescription. +func (in *FeatureGateDescription) DeepCopy() *FeatureGateDescription { + if in == nil { + return nil + } + out := new(FeatureGateDescription) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml b/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml deleted file mode 100644 index 544a6706968..00000000000 --- a/vendor/github.com/openshift/api/machine/v1/0000_10_controlplanemachineset.crd.yaml +++ /dev/null @@ -1,948 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1112 - api.openshift.io/merged-by-featuregates: "true" - capability.openshift.io/name: MachineAPI - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - name: controlplanemachinesets.machine.openshift.io -spec: - group: machine.openshift.io - names: - kind: ControlPlaneMachineSet - listKind: ControlPlaneMachineSetList - plural: controlplanemachinesets - singular: controlplanemachineset - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Desired Replicas - jsonPath: .spec.replicas - name: Desired - type: integer - - description: Current Replicas - jsonPath: .status.replicas - name: Current - type: integer - - description: Ready Replicas - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Updated Replicas - jsonPath: .status.updatedReplicas - name: Updated - type: integer - - description: Observed number of unavailable replicas - jsonPath: .status.unavailableReplicas - name: Unavailable - type: integer - - description: ControlPlaneMachineSet state - jsonPath: .spec.state - name: State - type: string - - description: ControlPlaneMachineSet age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: 'ControlPlaneMachineSet ensures that a specified number of control - plane machine replicas are running at any given time. Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer).' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ControlPlaneMachineSet represents the configuration of the - ControlPlaneMachineSet. - properties: - replicas: - default: 3 - description: Replicas defines how many Control Plane Machines should - be created by this ControlPlaneMachineSet. This field is immutable - and cannot be changed after cluster installation. The ControlPlaneMachineSet - only operates with 3 or 5 node control planes, 3 and 5 are the only - valid values for this field. - enum: - - 3 - - 5 - format: int32 - type: integer - x-kubernetes-validations: - - message: replicas is immutable - rule: self == oldSelf - selector: - description: Label selector for Machines. Existing Machines selected - by this selector will be the ones affected by this ControlPlaneMachineSet. - It must match the template's labels. This field is considered immutable - after creation of the resource. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - x-kubernetes-validations: - - message: selector is immutable - rule: self == oldSelf - state: - default: Inactive - description: State defines whether the ControlPlaneMachineSet is Active - or Inactive. When Inactive, the ControlPlaneMachineSet will not - take any action on the state of the Machines within the cluster. - When Active, the ControlPlaneMachineSet will reconcile the Machines - and will update the Machines as necessary. Once Active, a ControlPlaneMachineSet - cannot be made Inactive. To prevent further action please remove - the ControlPlaneMachineSet. - enum: - - Active - - Inactive - type: string - x-kubernetes-validations: - - message: state cannot be changed once Active - rule: oldSelf != 'Active' || self == oldSelf - strategy: - default: - type: RollingUpdate - description: Strategy defines how the ControlPlaneMachineSet will - update Machines when it detects a change to the ProviderSpec. - properties: - type: - default: RollingUpdate - description: Type defines the type of update strategy that should - be used when updating Machines owned by the ControlPlaneMachineSet. - Valid values are "RollingUpdate" and "OnDelete". The current - default value is "RollingUpdate". - enum: - - RollingUpdate - - OnDelete - type: string - type: object - template: - description: Template describes the Control Plane Machines that will - be created by this ControlPlaneMachineSet. - properties: - machineType: - description: MachineType determines the type of Machines that - should be managed by the ControlPlaneMachineSet. Currently, - the only valid value is machines_v1beta1_machine_openshift_io. - enum: - - machines_v1beta1_machine_openshift_io - type: string - machines_v1beta1_machine_openshift_io: - description: OpenShiftMachineV1Beta1Machine defines the template - for creating Machines from the v1beta1.machine.openshift.io - API group. - properties: - failureDomains: - description: FailureDomains is the list of failure domains - (sometimes called availability zones) in which the ControlPlaneMachineSet - should balance the Control Plane Machines. This will be - merged into the ProviderSpec given in the template. This - field is optional on platforms that do not require placement - information. - properties: - aws: - description: AWS configures failure domain information - for the AWS platform. - items: - description: AWSFailureDomain configures failure domain - information for the AWS platform. - minProperties: 1 - properties: - placement: - description: Placement configures the placement - information for this instance. - properties: - availabilityZone: - description: AvailabilityZone is the availability - zone of the instance. - type: string - required: - - availabilityZone - type: object - subnet: - description: Subnet is a reference to the subnet - to use for this instance. - properties: - arn: - description: ARN of resource. - type: string - filters: - description: Filters is a set of filters used - to identify a resource. - items: - description: AWSResourceFilter is a filter - used to identify an AWS resource - properties: - name: - description: Name of the filter. Filter - names are case-sensitive. - type: string - values: - description: Values includes one or more - filter values. Filter values are case-sensitive. - items: - type: string - type: array - required: - - name - type: object - type: array - id: - description: ID of resource. - type: string - type: - description: Type determines how the reference - will fetch the AWS resource. - enum: - - ID - - ARN - - Filters - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: id is required when type is ID, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''ID'' ? has(self.id) - : !has(self.id)' - - message: arn is required when type is ARN, and - forbidden otherwise - rule: 'has(self.type) && self.type == ''ARN'' - ? has(self.arn) : !has(self.arn)' - - message: filters is required when type is Filters, - and forbidden otherwise - rule: 'has(self.type) && self.type == ''Filters'' - ? has(self.filters) : !has(self.filters)' - type: object - type: array - azure: - description: Azure configures failure domain information - for the Azure platform. - items: - description: AzureFailureDomain configures failure domain - information for the Azure platform. - properties: - subnet: - description: subnet is the name of the network subnet - in which the VM will be created. When omitted, - the subnet value from the machine providerSpec - template will be used. - maxLength: 80 - pattern: ^[a-zA-Z0-9](?:[a-zA-Z0-9._-]*[a-zA-Z0-9_])?$ - type: string - zone: - description: Availability Zone for the virtual machine. - If nil, the virtual machine should be deployed - to no zone. - type: string - required: - - zone - type: object - type: array - gcp: - description: GCP configures failure domain information - for the GCP platform. - items: - description: GCPFailureDomain configures failure domain - information for the GCP platform - properties: - zone: - description: Zone is the zone in which the GCP machine - provider will create the VM. - type: string - required: - - zone - type: object - type: array - nutanix: - description: nutanix configures failure domain information - for the Nutanix platform. - items: - description: NutanixFailureDomainReference refers to - the failure domain of the Nutanix platform. - properties: - name: - description: name of the failure domain in which - the nutanix machine provider will create the VM. - Failure domains are defined in a cluster's config.openshift.io/Infrastructure - resource. - maxLength: 64 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - openstack: - description: OpenStack configures failure domain information - for the OpenStack platform. - items: - description: OpenStackFailureDomain configures failure - domain information for the OpenStack platform. - minProperties: 1 - properties: - availabilityZone: - description: 'availabilityZone is the nova availability - zone in which the OpenStack machine provider will - create the VM. If not specified, the VM will be - created in the default availability zone specified - in the nova configuration. Availability zone names - must NOT contain : since it is used by admin users - to specify hosts where instances are launched - in server creation. Also, it must not contain - spaces otherwise it will lead to node that belongs - to this availability zone register failure, see - kubernetes/cloud-provider-openstack#1379 for further - information. The maximum length of availability - zone name is 63 as per labels limits.' - maxLength: 63 - minLength: 1 - pattern: '^[^: ]*$' - type: string - rootVolume: - description: rootVolume contains settings that will - be used by the OpenStack machine provider to create - the root volume attached to the VM. If not specified, - no root volume will be created. - properties: - availabilityZone: - description: availabilityZone specifies the - Cinder availability zone where the root volume - will be created. If not specifified, the root - volume will be created in the availability - zone specified by the volume type in the cinder - configuration. If the volume type (configured - in the OpenStack cluster) does not specify - an availability zone, the root volume will - be created in the default availability zone - specified in the cinder configuration. See - https://docs.openstack.org/cinder/latest/admin/availability-zone-type.html - for more details. If the OpenStack cluster - is deployed with the cross_az_attach configuration - option set to false, the root volume will - have to be in the same availability zone as - the VM (defined by OpenStackFailureDomain.AvailabilityZone). - Availability zone names must NOT contain spaces - otherwise it will lead to volume that belongs - to this availability zone register failure, - see kubernetes/cloud-provider-openstack#1379 - for further information. The maximum length - of availability zone name is 63 as per labels - limits. - maxLength: 63 - minLength: 1 - pattern: ^[^ ]*$ - type: string - volumeType: - description: volumeType specifies the type of - the root volume that will be provisioned. - The maximum length of a volume type name is - 255 characters, as per the OpenStack limit. - maxLength: 255 - minLength: 1 - type: string - required: - - volumeType - type: object - type: object - x-kubernetes-validations: - - message: rootVolume.availabilityZone is required when - availabilityZone is set - rule: '!has(self.availabilityZone) || !has(self.rootVolume) - || has(self.rootVolume.availabilityZone)' - type: array - platform: - description: Platform identifies the platform for which - the FailureDomain represents. Currently supported values - are AWS, Azure, GCP, OpenStack, VSphere and Nutanix. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: vsphere configures failure domain information - for the VSphere platform. - items: - description: VSphereFailureDomain configures failure - domain information for the vSphere platform - properties: - name: - description: name of the failure domain in which - the vSphere machine provider will create the VM. - Failure domains are defined in a cluster's config.openshift.io/Infrastructure - resource. When balancing machines across failure - domains, the control plane machine set will inject - configuration from the Infrastructure resource - into the machine providerSpec to allocate the - machine to a failure domain. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - platform - type: object - x-kubernetes-validations: - - message: aws configuration is required when platform is - AWS, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''AWS'' ? has(self.aws) - : !has(self.aws)' - - message: azure configuration is required when platform is - Azure, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''Azure'' - ? has(self.azure) : !has(self.azure)' - - message: gcp configuration is required when platform is - GCP, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''GCP'' ? has(self.gcp) - : !has(self.gcp)' - - message: openstack configuration is required when platform - is OpenStack, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''OpenStack'' - ? has(self.openstack) : !has(self.openstack)' - - message: vsphere configuration is required when platform - is VSphere, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''VSphere'' - ? has(self.vsphere) : !has(self.vsphere)' - - message: nutanix configuration is required when platform - is Nutanix, and forbidden otherwise - rule: 'has(self.platform) && self.platform == ''Nutanix'' - ? has(self.nutanix) : !has(self.nutanix)' - metadata: - description: 'ObjectMeta is the standard object metadata More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata - Labels are required to match the ControlPlaneMachineSet - selector.' - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels. - This field must contain both the ''machine.openshift.io/cluster-api-machine-role'' - and ''machine.openshift.io/cluster-api-machine-type'' - labels, both with a value of ''master''. It must also - contain a label with the key ''machine.openshift.io/cluster-api-cluster''.' - type: object - x-kubernetes-validations: - - message: label 'machine.openshift.io/cluster-api-machine-role' - is required, and must have value 'master' - rule: '''machine.openshift.io/cluster-api-machine-role'' - in self && self[''machine.openshift.io/cluster-api-machine-role''] - == ''master''' - - message: label 'machine.openshift.io/cluster-api-machine-type' - is required, and must have value 'master' - rule: '''machine.openshift.io/cluster-api-machine-type'' - in self && self[''machine.openshift.io/cluster-api-machine-type''] - == ''master''' - - message: label 'machine.openshift.io/cluster-api-cluster' - is required - rule: '''machine.openshift.io/cluster-api-cluster'' - in self' - required: - - labels - type: object - spec: - description: Spec contains the desired configuration of the - Control Plane Machines. The ProviderSpec within contains - platform specific details for creating the Control Plane - Machines. The ProviderSe should be complete apart from the - platform specific failure domain field. This will be overriden - when the Machines are created based on the FailureDomains - field. - properties: - lifecycleHooks: - description: LifecycleHooks allow users to pause operations - on the machine at certain predefined points within the - machine lifecycle. - properties: - preDrain: - description: PreDrain hooks prevent the machine from - being drained. This also blocks further lifecycle - events, such as termination. - items: - description: LifecycleHook represents a single instance - of a lifecycle hook - properties: - name: - description: Name defines a unique name for - the lifcycle hook. The name should be unique - and descriptive, ideally 1-3 words, in CamelCase - or it may be namespaced, eg. foo.example.com/CamelCase. - Names must be unique and should only be managed - by a single entity. - maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the - lifecycle hook. This should be descriptive - enough so that users can identify who/what - is responsible for blocking the lifecycle. - This could be the name of a controller (e.g. - clusteroperator/etcd) or an administrator - managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - preTerminate: - description: PreTerminate hooks prevent the machine - from being terminated. PreTerminate hooks be actioned - after the Machine has been drained. - items: - description: LifecycleHook represents a single instance - of a lifecycle hook - properties: - name: - description: Name defines a unique name for - the lifcycle hook. The name should be unique - and descriptive, ideally 1-3 words, in CamelCase - or it may be namespaced, eg. foo.example.com/CamelCase. - Names must be unique and should only be managed - by a single entity. - maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the - lifecycle hook. This should be descriptive - enough so that users can identify who/what - is responsible for blocking the lifecycle. - This could be the name of a controller (e.g. - clusteroperator/etcd) or an administrator - managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - metadata: - description: ObjectMeta will autopopulate the Node created. - Use this to indicate what labels, annotations, name - prefix, etc., should be used when creating the Node. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. - They are not queryable and should be preserved when - modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - generateName: - description: "GenerateName is an optional prefix, - used by the server, to generate a unique name ONLY - IF the Name field has not been provided. If this - field is used, the name returned to the client will - be different than the name passed. This value will - also be combined with a unique suffix. The provided - value has the same validation rules as the Name - field, and may be truncated by the length of the - suffix required to make the value unique on the - server. \n If this field is specified and the generated - name exists, the server will NOT return a 409 - - instead, it will either return 201 Created or 500 - with Reason ServerTimeout indicating a unique name - could not be found in the time allotted, and the - client should retry (optionally after the time indicated - in the Retry-After header). \n Applied only if Name - is not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" - type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can - be used to organize and categorize (scope and select) - objects. May match selectors of replication controllers - and services. More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. - Is required when creating resources, although some - resources may allow a client to request the generation - of an appropriate name automatically. Name is primarily - intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within each - name must be unique. An empty namespace is equivalent - to the \"default\" namespace, but \"default\" is - the canonical representation. Not all objects are - required to be scoped to a namespace - the value - of this field for those objects will be empty. \n - Must be a DNS_LABEL. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this object. - If ALL objects in the list have been deleted, this - object will be garbage collected. If this object - is managed by a controller, then an entry in this - list will point to this controller, with the controller - field set to true. There cannot be more than one - managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. An owning - object must be in the same namespace as the dependent, - or be cluster-scoped, so there is no namespace - field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the - "foregroundDeletion" finalizer, then the owner - cannot be deleted from the key-value store - until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with - this field and enforces the foreground deletion. - Defaults to false. To set this field, a user - needs "delete" permission of the owner, otherwise - 422 (Unprocessable Entity) will be returned. - type: boolean - controller: - description: If true, this reference points - to the managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: - https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. More info: - https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - type: array - type: object - providerID: - description: ProviderID is the identification ID of the - machine provided by the provider. This field must match - the provider ID as seen on the node object corresponding - to this machine. This field is required by higher level - consumers of cluster-api. Example use case is cluster - autoscaler with cluster-api as provider. Clean-up logic - in the autoscaler compares machines to nodes to find - out machines at provider which could not get registered - as Kubernetes nodes. With cluster-api as a generic out-of-tree - provider for autoscaler, this field is required by autoscaler - to be able to have a provider view of the list of machines. - Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered - machines and are marked for delete. This field will - be set by the actuators and consumed by higher level - entities like autoscaler that will be interfacing with - cluster-api as generic provider. - type: string - providerSpec: - description: ProviderSpec details Provider-specific configuration - to use during node creation. - properties: - value: - description: Value is an inlined, serialized representation - of the resource configuration. It is recommended - that providers maintain their own versioned API - types that should be serialized/deserialized from - this field, akin to component config. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - taints: - description: The list of the taints to be applied to the - corresponding Node in additive manner. This list will - not overwrite any other taints added to the Node on - an ongoing basis by other entities. These taints should - be actively reconciled e.g. if you ask the machine controller - to apply a taint and then manually remove the taint - the machine controller will put it back) but not have - the machine controller remove any taints - items: - description: The node this Taint is attached to has - the "effect" on any pod that does not tolerate the - Taint. - properties: - effect: - description: Required. The effect of the taint on - pods that do not tolerate the taint. Valid effects - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied - to a node. - type: string - timeAdded: - description: TimeAdded represents the time at which - the taint was added. It is only written for NoExecute - taints. - format: date-time - type: string - value: - description: The taint value corresponding to the - taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - required: - - metadata - - spec - type: object - required: - - machineType - type: object - x-kubernetes-validations: - - message: machines_v1beta1_machine_openshift_io configuration is - required when machineType is machines_v1beta1_machine_openshift_io, - and forbidden otherwise - rule: 'has(self.machineType) && self.machineType == ''machines_v1beta1_machine_openshift_io'' - ? has(self.machines_v1beta1_machine_openshift_io) : !has(self.machines_v1beta1_machine_openshift_io)' - required: - - replicas - - selector - - template - type: object - status: - description: ControlPlaneMachineSetStatus represents the status of the - ControlPlaneMachineSet CRD. - properties: - conditions: - description: 'Conditions represents the observations of the ControlPlaneMachineSet''s - current state. Known .status.conditions.type are: Available, Degraded - and Progressing.' - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - observedGeneration: - description: ObservedGeneration is the most recent generation observed - for this ControlPlaneMachineSet. It corresponds to the ControlPlaneMachineSets's - generation, which is updated on mutation by the API Server. - format: int64 - type: integer - readyReplicas: - description: ReadyReplicas is the number of Control Plane Machines - created by the ControlPlaneMachineSet controller which are ready. - Note that this value may be higher than the desired number of replicas - while rolling updates are in-progress. - format: int32 - type: integer - replicas: - description: Replicas is the number of Control Plane Machines created - by the ControlPlaneMachineSet controller. Note that during update - operations this value may differ from the desired replica count. - format: int32 - type: integer - unavailableReplicas: - description: UnavailableReplicas is the number of Control Plane Machines - that are still required before the ControlPlaneMachineSet reaches - the desired available capacity. When this value is non-zero, the - number of ReadyReplicas is less than the desired Replicas. - format: int32 - type: integer - updatedReplicas: - description: UpdatedReplicas is the number of non-terminated Control - Plane Machines created by the ControlPlaneMachineSet controller - that have the desired provider spec and are ready. This value is - set to 0 when a change is detected to the desired spec. When the - update strategy is RollingUpdate, this will also coincide with starting - the process of updating the Machines. When the update strategy is - OnDelete, this value will remain at 0 until a user deletes an existing - replica and its replacement has become ready. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.labelSelector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.aws.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.aws.testsuite.yaml deleted file mode 100644 index 07a5ec7c13c..00000000000 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.aws.testsuite.yaml +++ /dev/null @@ -1,368 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ControlPlaneMachineSet (AWS)" -crd: 0000_10_controlplanemachineset.crd.yaml -tests: - onCreate: - - name: Should reject an AWS platform failure domain without any AWS config - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": aws configuration is required when platform is AWS" - - name: Should reject an AWS configured failure domain without a platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - aws: - - placement: - availabilityZone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.platform: Required value" - - name: Should reject an AWS configured failure domain with the wrong platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: BareMetal - aws: - - placement: - availabilityZone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": aws configuration is required when platform is AWS, and forbidden otherwise" - - name: Should reject an AWS failure domain with the subnet type omitted - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.aws[0].subnet.type: Required value, : Invalid value: \"null\"" - - name: Should reject an AWS failure domain with the subnet type ID and no ID provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ID - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.aws[0].subnet: Invalid value: \"object\": id is required when type is ID, and forbidden otherwise" - - name: Should accept an AWS failure domain with the subnet type ID and an ID provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ID - id: foo - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ID - id: foo - - name: Should reject an AWS failure domain with the subnet type ID and an ARN provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ID - id: foo - arn: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.aws[0].subnet: Invalid value: \"object\": arn is required when type is ARN, and forbidden otherwise" - - name: Should reject an AWS failure domain with the subnet type ID and a Filter provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ID - id: foo - filters: - - name: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.aws[0].subnet: Invalid value: \"object\": filters is required when type is Filters, and forbidden otherwise" - - name: Should accept an AWS failure domain with the subnet type ARN and an ARN provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ARN - arn: foo - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ARN - arn: foo - - name: Should accept an AWS failure domain with the subnet type Filters and a Filter provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: Filters - filters: - - name: foo - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: Filters - filters: - - name: foo - - name: Should reject an AWS failure domain with the subnet type ARN and an ID provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: AWS - aws: - - subnet: - type: ARN - id: foo - arn: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.aws[0].subnet: Invalid value: \"object\": id is required when type is ID, and forbidden otherwise" diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.azure.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.azure.testsuite.yaml deleted file mode 100644 index 191bf65f2e4..00000000000 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.azure.testsuite.yaml +++ /dev/null @@ -1,74 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ControlPlaneMachineSet" -crd: 0000_10_controlplanemachineset.crd.yaml -tests: - onCreate: - - name: Should reject an Azure platform failure domain without any Azure config - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: Azure - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": azure configuration is required when platform is Azure" - - name: Should reject an Azure configured failure domain without a platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - azure: - - zone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.platform: Required value" - - name: Should reject an Azure configured failure domain with the wrong platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: BareMetal - azure: - - zone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": azure configuration is required when platform is Azure, and forbidden otherwise" diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.gcp.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.gcp.testsuite.yaml deleted file mode 100644 index 518625f915f..00000000000 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.gcp.testsuite.yaml +++ /dev/null @@ -1,74 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ControlPlaneMachineSet" -crd: 0000_10_controlplanemachineset.crd.yaml -tests: - onCreate: - - name: Should reject an GCP platform failure domain without any GCP config - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: GCP - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": gcp configuration is required when platform is GCP" - - name: Should reject an GCP configured failure domain without a platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - aws: - - zone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.platform: Required value" - - name: Should reject an GCP configured failure domain with the wrong platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: BareMetal - gcp: - - zone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": gcp configuration is required when platform is GCP, and forbidden otherwise" diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml deleted file mode 100644 index a09de51e0f1..00000000000 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.openstack.testsuite.yaml +++ /dev/null @@ -1,632 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ControlPlaneMachineSet" -crd: 0000_10_controlplanemachineset.crd.yaml -tests: - onCreate: - - name: Should reject an OpenStack platform failure domain without any OpenStack config - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": openstack configuration is required when platform is OpenStack" - - name: Should reject an OpenStack configured failure domain without a platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - openstack: - - availabilityZone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.platform: Required value" - - name: Should reject an OpenStack configured failure domain with an empty OpenStack config - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack in body must be of type array: \"object\"" - - name: Should accept no failureDomains - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: "" - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: "" - - name: Should reject an OpenStack configured failure domain with the wrong platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: BareMetal - openstack: - - availabilityZone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": openstack configuration is required when platform is OpenStack, and forbidden otherwise" - - name: Should accept an OpenStack failure domain with only the availabilityZone provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - - name: Should accept an OpenStack failure domain with only the rootVolume provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - availabilityZone: foo - volumeType: fast - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - availabilityZone: foo - volumeType: fast - - name: Should accept an OpenStack failure domain with only the root volume type provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - volumeType: typeone - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - volumeType: typeone - - name: Should accept an OpenStack failure domain with both availabilityZone and rootVolume provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - rootVolume: - availabilityZone: foo - volumeType: fast - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - rootVolume: - availabilityZone: foo - volumeType: fast - - name: Should accept an OpenStack failure domain with both availabilityZone and root volume type provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - rootVolume: - availabilityZone: foo - volumeType: bar - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - rootVolume: - availabilityZone: foo - volumeType: bar - - name: Should reject an OpenStack failure domain with no rootVolume volumeType provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - availabilityZone: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType: Required value, : Invalid value: \"null\": some validation rules were not checked" - - name: Should reject an OpenStack failure domain with an empty rootVolume volumeType provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - volumeType: "" - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType: Invalid value: \"\": spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType in body should be at least 1 chars long" - - name: Should reject an OpenStack failure domain with too long a rootVolume volumeType name - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - rootVolume: - volumeType: a123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345 - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.volumeType: Too long: may not be longer than 255" - - name: Should reject an OpenStack failure domain with both availabilityZone and root volume provided but with missing root volume availabilityZone - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - rootVolume: - volumeType: bar - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0]: Invalid value: \"object\": rootVolume.availabilityZone is required when availabilityZone is set" - - name: Should reject an empty OpenStack failure domain - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo - - {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[1] in body should have at least 1 properties" - - name: Should reject an OpenStack failure domain with an empty availabilityZone provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: "" - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].availabilityZone in body should be at least 1 chars long" - - name: Should reject an OpenStack failure domain with an empty rootVolume availabilityZone provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - availabilityZone: "" - volumeType: fast - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.availabilityZone in body should be at least 1 chars long" - - name: Should reject an OpenStack failure domain with an invalid availabilityZone provided - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - availabilityZone: foo:bar - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].availabilityZone in body should match" - - name: Should reject an OpenStack failure domain with an invalid availabilityZone provided for rootVolume - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: OpenStack - openstack: - - rootVolume: - availabilityZone: "foo bar" - volumeType: fast - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.openstack[0].rootVolume.availabilityZone in body should match" diff --git a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.testsuite.yaml deleted file mode 100644 index bd105cad9c3..00000000000 --- a/vendor/github.com/openshift/api/machine/v1/stable.controlplanemachineset.testsuite.yaml +++ /dev/null @@ -1,533 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ControlPlaneMachineSet" -crd: 0000_10_controlplanemachineset.crd.yaml -tests: - onCreate: - - name: Should reject an VSphere platform failure domain without any VSphere config - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - platform: VSphere - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains: Invalid value: \"object\": vsphere configuration is required when platform is VSphere" - - name: Should reject an VSphere configured failure domain without a platform type - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - failureDomains: - vsphere: - - name: foo - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.failureDomains.platform: Required value" - - name: Should be able to create a minimal ControlPlaneMachineSet - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - - name: Should reject a missing machineType - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expectedError: "spec.template.machineType: Required value" - - name: Should reject a missing machines_v1beta1_machine_openshift_io - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - expectedError: "spec.template: Invalid value: \"object\": machines_v1beta1_machine_openshift_io configuration is required when machineType is machines_v1beta1_machine_openshift_io, and forbidden otherwise" - - name: Should reject a worker role label - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: worker - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.metadata.labels: Invalid value: \"object\": label 'machine.openshift.io/cluster-api-machine-role' is required, and must have value 'master'" - - name: Should reject a missing role label - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.metadata.labels: Invalid value: \"object\": label 'machine.openshift.io/cluster-api-machine-role' is required, and must have value 'master'" - - name: Should reject a worker type label - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: worker - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.metadata.labels: Invalid value: \"object\": label 'machine.openshift.io/cluster-api-machine-type' is required, and must have value 'master'" - - name: Should reject a missing type label - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.metadata.labels: Invalid value: \"object\": label 'machine.openshift.io/cluster-api-machine-type' is required, and must have value 'master'" - - name: Should reject a missing cluster ID label - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - spec: - providerSpec: {} - expectedError: "spec.template.machines_v1beta1_machine_openshift_io.metadata.labels: Invalid value: \"object\": label 'machine.openshift.io/cluster-api-cluster' is required" - - name: Should be able to create an Active ControlPlaneMachineSet - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - state: Active - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Active - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - onUpdate: - - name: Replicas should be immutable - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - updated: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 5 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expectedError: "spec.replicas: Invalid value: \"integer\": replicas is immutable" - - name: Selector should be immutable - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - updated: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - foo: bar - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expectedError: "spec.selector: Invalid value: \"object\": selector is immutable" - - name: Should default the strategy when removed - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: OnDelete - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - updated: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - - name: Should allow the state to change to Active - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - updated: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Active - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expected: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Active - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - - name: Should not allow the state to change from Active - initial: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Active - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - updated: | - apiVersion: machine.openshift.io/v1 - kind: ControlPlaneMachineSet - spec: - replicas: 3 - state: Inactive - strategy: - type: RollingUpdate - selector: - matchLabels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - template: - machineType: machines_v1beta1_machine_openshift_io - machines_v1beta1_machine_openshift_io: - metadata: - labels: - machine.openshift.io/cluster-api-machine-role: master - machine.openshift.io/cluster-api-machine-type: master - machine.openshift.io/cluster-api-cluster: cluster - spec: - providerSpec: {} - expectedError: "spec.state: Invalid value: \"string\": state cannot be changed once Active" diff --git a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go index 2b294d09c0a..a2e7ae03e19 100644 --- a/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go +++ b/vendor/github.com/openshift/api/machine/v1/types_controlplanemachineset.go @@ -21,7 +21,7 @@ import ( // +kubebuilder:printcolumn:name="State",type="string",JSONPath=".spec.state",description="ControlPlaneMachineSet state" // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="ControlPlaneMachineSet age" // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1112 -// +openshift:file-pattern=0000_10_controlplanemachinesetMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=control-plane-machine-set,operatorOrdering=01 // +openshift:capability=MachineAPI // +kubebuilder:metadata:annotations="exclude.release.openshift.io/internal-openshift-hosted=true" // +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true diff --git a/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml index 1f1de561aa6..258caa113bd 100644 --- a/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/machine/v1/zz_generated.featuregated-crd-manifests.yaml @@ -7,6 +7,9 @@ controlplanemachinesets.machine.openshift.io: Capability: MachineAPI Category: "" FeatureGates: [] + FilenameOperatorName: control-plane-machine-set + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: machine.openshift.io HasStatus: true KindName: ControlPlaneMachineSet @@ -43,7 +46,6 @@ controlplanemachinesets.machine.openshift.io: type: date Scope: Namespaced ShortNames: null - TargetFilenamePattern: 0000_10_controlplanemachinesetMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 diff --git a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machine.crd.yaml b/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machine.crd.yaml deleted file mode 100644 index af7e9f3bfaf..00000000000 --- a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machine.crd.yaml +++ /dev/null @@ -1,487 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/948 - api.openshift.io/merged-by-featuregates: "true" - capability.openshift.io/name: MachineAPI - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: machines.machine.openshift.io -spec: - group: machine.openshift.io - names: - kind: Machine - listKind: MachineList - plural: machines - singular: machine - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Phase of machine - jsonPath: .status.phase - name: Phase - type: string - - description: Type of instance - jsonPath: .metadata.labels['machine\.openshift\.io/instance-type'] - name: Type - type: string - - description: Region associated with machine - jsonPath: .metadata.labels['machine\.openshift\.io/region'] - name: Region - type: string - - description: Zone associated with machine - jsonPath: .metadata.labels['machine\.openshift\.io/zone'] - name: Zone - type: string - - description: Machine age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - - description: Node associated with machine - jsonPath: .status.nodeRef.name - name: Node - priority: 1 - type: string - - description: Provider ID of machine created in cloud provider - jsonPath: .spec.providerID - name: ProviderID - priority: 1 - type: string - - description: State of instance - jsonPath: .metadata.annotations['machine\.openshift\.io/instance-state'] - name: State - priority: 1 - type: string - name: v1beta1 - schema: - openAPIV3Schema: - description: 'Machine is the Schema for the machines API Compatibility level - 2: Stable within a major release for a minimum of 9 months or 3 minor releases - (whichever is longer).' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MachineSpec defines the desired state of Machine - properties: - lifecycleHooks: - description: LifecycleHooks allow users to pause operations on the - machine at certain predefined points within the machine lifecycle. - properties: - preDrain: - description: PreDrain hooks prevent the machine from being drained. - This also blocks further lifecycle events, such as termination. - items: - description: LifecycleHook represents a single instance of a - lifecycle hook - properties: - name: - description: Name defines a unique name for the lifcycle - hook. The name should be unique and descriptive, ideally - 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. - Names must be unique and should only be managed by a single - entity. - maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the lifecycle hook. - This should be descriptive enough so that users can identify - who/what is responsible for blocking the lifecycle. This - could be the name of a controller (e.g. clusteroperator/etcd) - or an administrator managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - preTerminate: - description: PreTerminate hooks prevent the machine from being - terminated. PreTerminate hooks be actioned after the Machine - has been drained. - items: - description: LifecycleHook represents a single instance of a - lifecycle hook - properties: - name: - description: Name defines a unique name for the lifcycle - hook. The name should be unique and descriptive, ideally - 1-3 words, in CamelCase or it may be namespaced, eg. foo.example.com/CamelCase. - Names must be unique and should only be managed by a single - entity. - maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the lifecycle hook. - This should be descriptive enough so that users can identify - who/what is responsible for blocking the lifecycle. This - could be the name of a controller (e.g. clusteroperator/etcd) - or an administrator managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - metadata: - description: ObjectMeta will autopopulate the Node created. Use this - to indicate what labels, annotations, name prefix, etc., should - be used when creating the Node. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map stored - with a resource that may be set by external tools to store and - retrieve arbitrary metadata. They are not queryable and should - be preserved when modifying objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - generateName: - description: "GenerateName is an optional prefix, used by the - server, to generate a unique name ONLY IF the Name field has - not been provided. If this field is used, the name returned - to the client will be different than the name passed. This value - will also be combined with a unique suffix. The provided value - has the same validation rules as the Name field, and may be - truncated by the length of the suffix required to make the value - unique on the server. \n If this field is specified and the - generated name exists, the server will NOT return a 409 - instead, - it will either return 201 Created or 500 with Reason ServerTimeout - indicating a unique name could not be found in the time allotted, - and the client should retry (optionally after the time indicated - in the Retry-After header). \n Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" - type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used to - organize and categorize (scope and select) objects. May match - selectors of replication controllers and services. More info: - http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow a - client to request the generation of an appropriate name automatically. - Name is primarily intended for creation idempotence and configuration - definition. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within each name must - be unique. An empty namespace is equivalent to the \"default\" - namespace, but \"default\" is the canonical representation. - Not all objects are required to be scoped to a namespace - the - value of this field for those objects will be empty. \n Must - be a DNS_LABEL. Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this object. If ALL objects - in the list have been deleted, this object will be garbage collected. - If this object is managed by a controller, then an entry in - this list will point to this controller, with the controller - field set to true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information to let - you identify an owning object. An owning object must be in - the same namespace as the dependent, or be cluster-scoped, - so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the key-value - store until this reference is removed. See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this field - and enforces the foreground deletion. Defaults to false. - To set this field, a user needs "delete" permission of - the owner, otherwise 422 (Unprocessable Entity) will be - returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - providerID: - description: ProviderID is the identification ID of the machine provided - by the provider. This field must match the provider ID as seen on - the node object corresponding to this machine. This field is required - by higher level consumers of cluster-api. Example use case is cluster - autoscaler with cluster-api as provider. Clean-up logic in the autoscaler - compares machines to nodes to find out machines at provider which - could not get registered as Kubernetes nodes. With cluster-api as - a generic out-of-tree provider for autoscaler, this field is required - by autoscaler to be able to have a provider view of the list of - machines. Another list of nodes is queried from the k8s apiserver - and then a comparison is done to find out unregistered machines - and are marked for delete. This field will be set by the actuators - and consumed by higher level entities like autoscaler that will - be interfacing with cluster-api as generic provider. - type: string - providerSpec: - description: ProviderSpec details Provider-specific configuration - to use during node creation. - properties: - value: - description: Value is an inlined, serialized representation of - the resource configuration. It is recommended that providers - maintain their own versioned API types that should be serialized/deserialized - from this field, akin to component config. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - taints: - description: The list of the taints to be applied to the corresponding - Node in additive manner. This list will not overwrite any other - taints added to the Node on an ongoing basis by other entities. - These taints should be actively reconciled e.g. if you ask the machine - controller to apply a taint and then manually remove the taint the - machine controller will put it back) but not have the machine controller - remove any taints - items: - description: The node this Taint is attached to has the "effect" - on any pod that does not tolerate the Taint. - properties: - effect: - description: Required. The effect of the taint on pods that - do not tolerate the taint. Valid effects are NoSchedule, PreferNoSchedule - and NoExecute. - type: string - key: - description: Required. The taint key to be applied to a node. - type: string - timeAdded: - description: TimeAdded represents the time at which the taint - was added. It is only written for NoExecute taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint key. - type: string - required: - - effect - - key - type: object - type: array - type: object - status: - description: MachineStatus defines the observed state of Machine - properties: - addresses: - description: Addresses is a list of addresses assigned to the machine. - Queried from cloud provider, if available. - items: - description: NodeAddress contains information for the node's address. - properties: - address: - description: The node address. - type: string - type: - description: Node address type, one of Hostname, ExternalIP - or InternalIP. - type: string - required: - - address - - type - type: object - type: array - conditions: - description: Conditions defines the current state of the Machine - items: - description: Condition defines an observation of a Machine API resource - operational state. - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. - format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. This field may be empty. - type: string - reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. - type: string - severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. - type: string - type: object - type: array - errorMessage: - description: "ErrorMessage will be set in the event that there is - a terminal problem reconciling the Machine and will contain a more - verbose string suitable for logging and human consumption. \n This - field should not be set for transitive errors that a controller - faces that are expected to be fixed automatically over time (like - service outages), but instead indicate that something is fundamentally - wrong with the Machine's spec or the configuration of the controller, - and that manual intervention is required. Examples of terminal errors - would be invalid combinations of settings in the spec, values that - are unsupported by the controller, or the responsible controller - itself being critically misconfigured. \n Any transient errors that - occur during the reconciliation of Machines can be added as events - to the Machine object and/or logged in the controller's output." - type: string - errorReason: - description: "ErrorReason will be set in the event that there is a - terminal problem reconciling the Machine and will contain a succinct - value suitable for machine interpretation. \n This field should - not be set for transitive errors that a controller faces that are - expected to be fixed automatically over time (like service outages), - but instead indicate that something is fundamentally wrong with - the Machine's spec or the configuration of the controller, and that - manual intervention is required. Examples of terminal errors would - be invalid combinations of settings in the spec, values that are - unsupported by the controller, or the responsible controller itself - being critically misconfigured. \n Any transient errors that occur - during the reconciliation of Machines can be added as events to - the Machine object and/or logged in the controller's output." - type: string - lastOperation: - description: LastOperation describes the last-operation performed - by the machine-controller. This API should be useful as a history - in terms of the latest operation performed on the specific machine. - It should also convey the state of the latest-operation for example - if it is still on-going, failed or completed successfully. - properties: - description: - description: Description is the human-readable description of - the last operation. - type: string - lastUpdated: - description: LastUpdated is the timestamp at which LastOperation - API was last-updated. - format: date-time - type: string - state: - description: State is the current status of the last performed - operation. E.g. Processing, Failed, Successful etc - type: string - type: - description: Type is the type of operation which was last performed. - E.g. Create, Delete, Update etc - type: string - type: object - lastUpdated: - description: LastUpdated identifies when this status was last observed. - format: date-time - type: string - nodeRef: - description: NodeRef will point to the corresponding Node if it exists. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - x-kubernetes-map-type: atomic - phase: - description: 'Phase represents the current phase of machine actuation. - One of: Failed, Provisioning, Provisioned, Running, Deleting' - type: string - providerStatus: - description: ProviderStatus details a Provider-specific status. It - is recommended that providers maintain their own versioned API types - that should be serialized/deserialized from this field. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machinehealthcheck.yaml b/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machinehealthcheck.yaml deleted file mode 100644 index b0018809938..00000000000 --- a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machinehealthcheck.yaml +++ /dev/null @@ -1,264 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1032 - api.openshift.io/merged-by-featuregates: "true" - capability.openshift.io/name: MachineAPI - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: machinehealthchecks.machine.openshift.io -spec: - group: machine.openshift.io - names: - kind: MachineHealthCheck - listKind: MachineHealthCheckList - plural: machinehealthchecks - shortNames: - - mhc - - mhcs - singular: machinehealthcheck - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Maximum number of unhealthy machines allowed - jsonPath: .spec.maxUnhealthy - name: MaxUnhealthy - type: string - - description: Number of machines currently monitored - jsonPath: .status.expectedMachines - name: ExpectedMachines - type: integer - - description: Current observed healthy machines - jsonPath: .status.currentHealthy - name: CurrentHealthy - type: integer - name: v1beta1 - schema: - openAPIV3Schema: - description: 'MachineHealthCheck is the Schema for the machinehealthchecks - API Compatibility level 2: Stable within a major release for a minimum of - 9 months or 3 minor releases (whichever is longer).' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Specification of machine health check policy - properties: - maxUnhealthy: - anyOf: - - type: integer - - type: string - default: 100% - description: Any farther remediation is only allowed if at most "MaxUnhealthy" - machines selected by "selector" are not healthy. Expects either - a postive integer value or a percentage value. Percentage values - must be positive whole numbers and are capped at 100%. Both 0 and - 0% are valid and will block all remediation. - pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ - x-kubernetes-int-or-string: true - nodeStartupTimeout: - default: 10m - description: Machines older than this duration without a node will - be considered to have failed and will be remediated. To prevent - Machines without Nodes from being removed, disable startup checks - by setting this value explicitly to "0". Expects an unsigned duration - string of decimal numbers each with optional fraction and a unit - suffix, eg "300ms", "1.5h" or "2h45m". Valid time units are "ns", - "us" (or "µs"), "ms", "s", "m", "h". - pattern: ^0|([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - type: string - remediationTemplate: - description: "RemediationTemplate is a reference to a remediation - template provided by an infrastructure provider. \n This field is - completely optional, when filled, the MachineHealthCheck controller - creates a new object from the template referenced and hands off - remediation of the machine to a controller that lives outside of - Machine API Operator." - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - x-kubernetes-map-type: atomic - selector: - description: 'Label selector to match machines whose health will be - exercised. Note: An empty selector will match all machines.' - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - unhealthyConditions: - description: UnhealthyConditions contains a list of the conditions - that determine whether a node is considered unhealthy. The conditions - are combined in a logical OR, i.e. if any of the conditions is met, - the node is unhealthy. - items: - description: UnhealthyCondition represents a Node condition type - and value with a timeout specified as a duration. When the named - condition has been in the given status for at least the timeout - value, a node is considered unhealthy. - properties: - status: - minLength: 1 - type: string - timeout: - description: Expects an unsigned duration string of decimal - numbers each with optional fraction and a unit suffix, eg - "300ms", "1.5h" or "2h45m". Valid time units are "ns", "us" - (or "µs"), "ms", "s", "m", "h". - pattern: ^([0-9]+(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - type: string - type: - minLength: 1 - type: string - type: object - minItems: 1 - type: array - type: object - status: - description: Most recently observed status of MachineHealthCheck resource - properties: - conditions: - description: Conditions defines the current state of the MachineHealthCheck - items: - description: Condition defines an observation of a Machine API resource - operational state. - properties: - lastTransitionTime: - description: Last time the condition transitioned from one status - to another. This should be when the underlying condition changed. - If that is not known, then using the time when the API field - changed is acceptable. - format: date-time - type: string - message: - description: A human readable message indicating details about - the transition. This field may be empty. - type: string - reason: - description: The reason for the condition's last transition - in CamelCase. The specific API may choose whether or not this - field is considered a guaranteed API. This field may not be - empty. - type: string - severity: - description: Severity provides an explicit classification of - Reason code, so the users or machines can immediately understand - the current situation and act accordingly. The Severity field - MUST be set only when Status=False. - type: string - status: - description: Status of the condition, one of True, False, Unknown. - type: string - type: - description: Type of condition in CamelCase or in foo.example.com/CamelCase. - Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. - type: string - type: object - type: array - currentHealthy: - description: total number of machines counted by this machine health - check - minimum: 0 - type: integer - expectedMachines: - description: total number of machines counted by this machine health - check - minimum: 0 - type: integer - remediationsAllowed: - description: RemediationsAllowed is the number of further remediations - allowed by this machine health check before maxUnhealthy short circuiting - will be applied - format: int32 - minimum: 0 - type: integer - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machineset.crd.yaml b/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machineset.crd.yaml deleted file mode 100644 index 3393f9972b7..00000000000 --- a/vendor/github.com/openshift/api/machine/v1beta1/0000_10_machineset.crd.yaml +++ /dev/null @@ -1,556 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1032 - api.openshift.io/merged-by-featuregates: "true" - capability.openshift.io/name: MachineAPI - exclude.release.openshift.io/internal-openshift-hosted: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: machinesets.machine.openshift.io -spec: - group: machine.openshift.io - names: - kind: MachineSet - listKind: MachineSetList - plural: machinesets - singular: machineset - scope: Namespaced - versions: - - additionalPrinterColumns: - - description: Desired Replicas - jsonPath: .spec.replicas - name: Desired - type: integer - - description: Current Replicas - jsonPath: .status.replicas - name: Current - type: integer - - description: Ready Replicas - jsonPath: .status.readyReplicas - name: Ready - type: integer - - description: Observed number of available replicas - jsonPath: .status.availableReplicas - name: Available - type: string - - description: Machineset age - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1beta1 - schema: - openAPIV3Schema: - description: 'MachineSet ensures that a specified number of machines replicas - are running at any given time. Compatibility level 2: Stable within a major - release for a minimum of 9 months or 3 minor releases (whichever is longer).' - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MachineSetSpec defines the desired state of MachineSet - properties: - deletePolicy: - description: DeletePolicy defines the policy used to identify nodes - to delete when downscaling. Defaults to "Random". Valid values - are "Random, "Newest", "Oldest" - enum: - - Random - - Newest - - Oldest - type: string - minReadySeconds: - description: MinReadySeconds is the minimum number of seconds for - which a newly created machine should be ready. Defaults to 0 (machine - will be considered available as soon as it is ready) - format: int32 - type: integer - replicas: - default: 1 - description: Replicas is the number of desired replicas. This is a - pointer to distinguish between explicit zero and unspecified. Defaults - to 1. - format: int32 - type: integer - selector: - description: 'Selector is a label query over machines that should - match the replica count. Label keys and values that must match in - order to be controlled by this MachineSet. It must match the machine - template''s labels. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors' - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - template: - description: Template is the object that describes the machine that - will be created if insufficient replicas are detected. - properties: - metadata: - description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value map - stored with a resource that may be set by external tools - to store and retrieve arbitrary metadata. They are not queryable - and should be preserved when modifying objects. More info: - http://kubernetes.io/docs/user-guide/annotations' - type: object - generateName: - description: "GenerateName is an optional prefix, used by - the server, to generate a unique name ONLY IF the Name field - has not been provided. If this field is used, the name returned - to the client will be different than the name passed. This - value will also be combined with a unique suffix. The provided - value has the same validation rules as the Name field, and - may be truncated by the length of the suffix required to - make the value unique on the server. \n If this field is - specified and the generated name exists, the server will - NOT return a 409 - instead, it will either return 201 Created - or 500 with Reason ServerTimeout indicating a unique name - could not be found in the time allotted, and the client - should retry (optionally after the time indicated in the - Retry-After header). \n Applied only if Name is not specified. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" - type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be used - to organize and categorize (scope and select) objects. May - match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. Is required - when creating resources, although some resources may allow - a client to request the generation of an appropriate name - automatically. Name is primarily intended for creation idempotence - and configuration definition. Cannot be updated. More info: - http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within each name - must be unique. An empty namespace is equivalent to the - \"default\" namespace, but \"default\" is the canonical - representation. Not all objects are required to be scoped - to a namespace - the value of this field for those objects - will be empty. \n Must be a DNS_LABEL. Cannot be updated. - More info: http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this object. If ALL - objects in the list have been deleted, this object will - be garbage collected. If this object is managed by a controller, - then an entry in this list will point to this controller, - with the controller field set to true. There cannot be more - than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. An owning object - must be in the same namespace as the dependent, or be - cluster-scoped, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from the - key-value store until this reference is removed. See - https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this - field and enforces the foreground deletion. Defaults - to false. To set this field, a user needs "delete" - permission of the owner, otherwise 422 (Unprocessable - Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the managing - controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - spec: - description: 'Specification of the desired behavior of the machine. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - lifecycleHooks: - description: LifecycleHooks allow users to pause operations - on the machine at certain predefined points within the machine - lifecycle. - properties: - preDrain: - description: PreDrain hooks prevent the machine from being - drained. This also blocks further lifecycle events, - such as termination. - items: - description: LifecycleHook represents a single instance - of a lifecycle hook - properties: - name: - description: Name defines a unique name for the - lifcycle hook. The name should be unique and descriptive, - ideally 1-3 words, in CamelCase or it may be namespaced, - eg. foo.example.com/CamelCase. Names must be unique - and should only be managed by a single entity. - maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the lifecycle - hook. This should be descriptive enough so that - users can identify who/what is responsible for - blocking the lifecycle. This could be the name - of a controller (e.g. clusteroperator/etcd) or - an administrator managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - preTerminate: - description: PreTerminate hooks prevent the machine from - being terminated. PreTerminate hooks be actioned after - the Machine has been drained. - items: - description: LifecycleHook represents a single instance - of a lifecycle hook - properties: - name: - description: Name defines a unique name for the - lifcycle hook. The name should be unique and descriptive, - ideally 1-3 words, in CamelCase or it may be namespaced, - eg. foo.example.com/CamelCase. Names must be unique - and should only be managed by a single entity. - maxLength: 256 - minLength: 3 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - owner: - description: Owner defines the owner of the lifecycle - hook. This should be descriptive enough so that - users can identify who/what is responsible for - blocking the lifecycle. This could be the name - of a controller (e.g. clusteroperator/etcd) or - an administrator managing the hook. - maxLength: 512 - minLength: 3 - type: string - required: - - name - - owner - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - metadata: - description: ObjectMeta will autopopulate the Node created. - Use this to indicate what labels, annotations, name prefix, - etc., should be used when creating the Node. - properties: - annotations: - additionalProperties: - type: string - description: 'Annotations is an unstructured key value - map stored with a resource that may be set by external - tools to store and retrieve arbitrary metadata. They - are not queryable and should be preserved when modifying - objects. More info: http://kubernetes.io/docs/user-guide/annotations' - type: object - generateName: - description: "GenerateName is an optional prefix, used - by the server, to generate a unique name ONLY IF the - Name field has not been provided. If this field is used, - the name returned to the client will be different than - the name passed. This value will also be combined with - a unique suffix. The provided value has the same validation - rules as the Name field, and may be truncated by the - length of the suffix required to make the value unique - on the server. \n If this field is specified and the - generated name exists, the server will NOT return a - 409 - instead, it will either return 201 Created or - 500 with Reason ServerTimeout indicating a unique name - could not be found in the time allotted, and the client - should retry (optionally after the time indicated in - the Retry-After header). \n Applied only if Name is - not specified. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#idempotency" - type: string - labels: - additionalProperties: - type: string - description: 'Map of string keys and values that can be - used to organize and categorize (scope and select) objects. - May match selectors of replication controllers and services. - More info: http://kubernetes.io/docs/user-guide/labels' - type: object - name: - description: 'Name must be unique within a namespace. - Is required when creating resources, although some resources - may allow a client to request the generation of an appropriate - name automatically. Name is primarily intended for creation - idempotence and configuration definition. Cannot be - updated. More info: http://kubernetes.io/docs/user-guide/identifiers#names' - type: string - namespace: - description: "Namespace defines the space within each - name must be unique. An empty namespace is equivalent - to the \"default\" namespace, but \"default\" is the - canonical representation. Not all objects are required - to be scoped to a namespace - the value of this field - for those objects will be empty. \n Must be a DNS_LABEL. - Cannot be updated. More info: http://kubernetes.io/docs/user-guide/namespaces" - type: string - ownerReferences: - description: List of objects depended by this object. - If ALL objects in the list have been deleted, this object - will be garbage collected. If this object is managed - by a controller, then an entry in this list will point - to this controller, with the controller field set to - true. There cannot be more than one managing controller. - items: - description: OwnerReference contains enough information - to let you identify an owning object. An owning object - must be in the same namespace as the dependent, or - be cluster-scoped, so there is no namespace field. - properties: - apiVersion: - description: API version of the referent. - type: string - blockOwnerDeletion: - description: If true, AND if the owner has the "foregroundDeletion" - finalizer, then the owner cannot be deleted from - the key-value store until this reference is removed. - See https://kubernetes.io/docs/concepts/architecture/garbage-collection/#foreground-deletion - for how the garbage collector interacts with this - field and enforces the foreground deletion. Defaults - to false. To set this field, a user needs "delete" - permission of the owner, otherwise 422 (Unprocessable - Entity) will be returned. - type: boolean - controller: - description: If true, this reference points to the - managing controller. - type: boolean - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#names' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names#uids' - type: string - required: - - apiVersion - - kind - - name - - uid - type: object - x-kubernetes-map-type: atomic - type: array - type: object - providerID: - description: ProviderID is the identification ID of the machine - provided by the provider. This field must match the provider - ID as seen on the node object corresponding to this machine. - This field is required by higher level consumers of cluster-api. - Example use case is cluster autoscaler with cluster-api - as provider. Clean-up logic in the autoscaler compares machines - to nodes to find out machines at provider which could not - get registered as Kubernetes nodes. With cluster-api as - a generic out-of-tree provider for autoscaler, this field - is required by autoscaler to be able to have a provider - view of the list of machines. Another list of nodes is queried - from the k8s apiserver and then a comparison is done to - find out unregistered machines and are marked for delete. - This field will be set by the actuators and consumed by - higher level entities like autoscaler that will be interfacing - with cluster-api as generic provider. - type: string - providerSpec: - description: ProviderSpec details Provider-specific configuration - to use during node creation. - properties: - value: - description: Value is an inlined, serialized representation - of the resource configuration. It is recommended that - providers maintain their own versioned API types that - should be serialized/deserialized from this field, akin - to component config. - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - taints: - description: The list of the taints to be applied to the corresponding - Node in additive manner. This list will not overwrite any - other taints added to the Node on an ongoing basis by other - entities. These taints should be actively reconciled e.g. - if you ask the machine controller to apply a taint and then - manually remove the taint the machine controller will put - it back) but not have the machine controller remove any - taints - items: - description: The node this Taint is attached to has the - "effect" on any pod that does not tolerate the Taint. - properties: - effect: - description: Required. The effect of the taint on pods - that do not tolerate the taint. Valid effects are - NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Required. The taint key to be applied to - a node. - type: string - timeAdded: - description: TimeAdded represents the time at which - the taint was added. It is only written for NoExecute - taints. - format: date-time - type: string - value: - description: The taint value corresponding to the taint - key. - type: string - required: - - effect - - key - type: object - type: array - type: object - type: object - type: object - status: - description: MachineSetStatus defines the observed state of MachineSet - properties: - availableReplicas: - description: The number of available replicas (ready for at least - minReadySeconds) for this MachineSet. - format: int32 - type: integer - errorMessage: - type: string - errorReason: - description: "In the event that there is a terminal problem reconciling - the replicas, both ErrorReason and ErrorMessage will be set. ErrorReason - will be populated with a succinct value suitable for machine interpretation, - while ErrorMessage will contain a more verbose string suitable for - logging and human consumption. \n These fields should not be set - for transitive errors that a controller faces that are expected - to be fixed automatically over time (like service outages), but - instead indicate that something is fundamentally wrong with the - MachineTemplate's spec or the configuration of the machine controller, - and that manual intervention is required. Examples of terminal errors - would be invalid combinations of settings in the spec, values that - are unsupported by the machine controller, or the responsible machine - controller itself being critically misconfigured. \n Any transient - errors that occur during the reconciliation of Machines can be added - as events to the MachineSet object and/or logged in the controller's - output." - type: string - fullyLabeledReplicas: - description: The number of replicas that have labels matching the - labels of the machine template of the MachineSet. - format: int32 - type: integer - observedGeneration: - description: ObservedGeneration reflects the generation of the most - recently observed MachineSet. - format: int64 - type: integer - readyReplicas: - description: The number of ready replicas for this MachineSet. A machine - is considered ready when the node has been created and is "Ready". - format: int32 - type: integer - replicas: - description: Replicas is the most recently observed number of replicas. - format: int32 - type: integer - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.labelSelector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.replicas - status: {} diff --git a/vendor/github.com/openshift/api/machine/v1beta1/stable.machine.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1beta1/stable.machine.testsuite.yaml deleted file mode 100644 index 2a7e0d62c62..00000000000 --- a/vendor/github.com/openshift/api/machine/v1beta1/stable.machine.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Machine" -crd: 0000_10_machine.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Machine - initial: | - apiVersion: machine.openshift.io/v1beta1 - kind: Machine - spec: {} # No spec is required for a Machine - expected: | - apiVersion: machine.openshift.io/v1beta1 - kind: Machine - spec: {} diff --git a/vendor/github.com/openshift/api/machine/v1beta1/stable.machinehealthcheck.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1beta1/stable.machinehealthcheck.testsuite.yaml deleted file mode 100644 index 703bcdef1dc..00000000000 --- a/vendor/github.com/openshift/api/machine/v1beta1/stable.machinehealthcheck.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] MachineHealthCheck" -crd: 0000_10_machinehealthcheck.yaml -tests: - onCreate: - - name: Should be able to create a minimal MachineHealthCheck - initial: | - apiVersion: machine.openshift.io/v1beta1 - kind: MachineHealthCheck - spec: {} # No spec is required for a MachineHealthCheck - expected: | - apiVersion: machine.openshift.io/v1beta1 - kind: MachineHealthCheck - spec: - maxUnhealthy: 100% - nodeStartupTimeout: 10m diff --git a/vendor/github.com/openshift/api/machine/v1beta1/stable.machineset.testsuite.yaml b/vendor/github.com/openshift/api/machine/v1beta1/stable.machineset.testsuite.yaml deleted file mode 100644 index f4dbda11be2..00000000000 --- a/vendor/github.com/openshift/api/machine/v1beta1/stable.machineset.testsuite.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] MachineSet" -crd: 0000_10_machineset.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal MachineSet - initial: | - apiVersion: machine.openshift.io/v1beta1 - kind: MachineSet - spec: {} # No spec is required for a MachineSet - expected: | - apiVersion: machine.openshift.io/v1beta1 - kind: MachineSet - spec: - replicas: 1 diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go b/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go index 602dfcbb27b..a2752733dfb 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/types_machine.go @@ -180,11 +180,10 @@ const ( // +kubebuilder:resource:path=machines,scope=Namespaced // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/948 -// +openshift:file-pattern=0000_10_machineMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=machine-api,operatorOrdering=01 // +openshift:capability=MachineAPI // +kubebuilder:metadata:annotations="exclude.release.openshift.io/internal-openshift-hosted=true" // +kubebuilder:metadata:annotations="include.release.openshift.io/self-managed-high-availability=true" -// +kubebuilder:metadata:annotations="include.release.openshift.io/single-node-developer=true" // +kubebuilder:printcolumn:name="Phase",type="string",JSONPath=".status.phase",description="Phase of machine" // +kubebuilder:printcolumn:name="Type",type="string",JSONPath=".metadata.labels['machine\\.openshift\\.io/instance-type']",description="Type of instance" // +kubebuilder:printcolumn:name="Region",type="string",JSONPath=".metadata.labels['machine\\.openshift\\.io/region']",description="Region associated with machine" diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_machinehealthcheck.go b/vendor/github.com/openshift/api/machine/v1beta1/types_machinehealthcheck.go index 2db4408ea31..9963690f8f2 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/types_machinehealthcheck.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/types_machinehealthcheck.go @@ -17,11 +17,10 @@ type RemediationStrategyType string // +kubebuilder:resource:path=machinehealthchecks,scope=Namespaced,shortName=mhc;mhcs // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1032 -// +openshift:file-pattern=0000_10_machinehealthcheckMARKERS.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=machine-api,operatorOrdering=01 // +openshift:capability=MachineAPI // +kubebuilder:metadata:annotations="exclude.release.openshift.io/internal-openshift-hosted=true" // +kubebuilder:metadata:annotations="include.release.openshift.io/self-managed-high-availability=true" -// +kubebuilder:metadata:annotations="include.release.openshift.io/single-node-developer=true" // +k8s:openapi-gen=true // +kubebuilder:printcolumn:name="MaxUnhealthy",type="string",JSONPath=".spec.maxUnhealthy",description="Maximum number of unhealthy machines allowed" // +kubebuilder:printcolumn:name="ExpectedMachines",type="integer",JSONPath=".status.expectedMachines",description="Number of machines currently monitored" diff --git a/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go b/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go index 271b77e0c5e..aadb519b7d8 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go +++ b/vendor/github.com/openshift/api/machine/v1beta1/types_machineset.go @@ -13,11 +13,10 @@ import ( // +kubebuilder:resource:path=machinesets,scope=Namespaced // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1032 -// +openshift:file-pattern=0000_10_machinesetMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=machine-api,operatorOrdering=01 // +openshift:capability=MachineAPI // +kubebuilder:metadata:annotations="exclude.release.openshift.io/internal-openshift-hosted=true" // +kubebuilder:metadata:annotations="include.release.openshift.io/self-managed-high-availability=true" -// +kubebuilder:metadata:annotations="include.release.openshift.io/single-node-developer=true" // +kubebuilder:subresource:scale:specpath=.spec.replicas,statuspath=.status.replicas,selectorpath=.status.labelSelector // +kubebuilder:printcolumn:name="Desired",type="integer",JSONPath=".spec.replicas",description="Desired Replicas" // +kubebuilder:printcolumn:name="Current",type="integer",JSONPath=".status.replicas",description="Current Replicas" diff --git a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.featuregated-crd-manifests.yaml index 62bf69e20f0..34e093b2589 100644 --- a/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/machine/v1beta1/zz_generated.featuregated-crd-manifests.yaml @@ -2,12 +2,14 @@ machines.machine.openshift.io: Annotations: exclude.release.openshift.io/internal-openshift-hosted: "true" include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" ApprovedPRNumber: https://github.com/openshift/api/pull/948 CRDName: machines.machine.openshift.io Capability: MachineAPI Category: "" FeatureGates: [] + FilenameOperatorName: machine-api + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: machine.openshift.io HasStatus: true KindName: Machine @@ -51,7 +53,6 @@ machines.machine.openshift.io: type: string Scope: Namespaced ShortNames: null - TargetFilenamePattern: 0000_10_machineMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1beta1 @@ -59,12 +60,14 @@ machinehealthchecks.machine.openshift.io: Annotations: exclude.release.openshift.io/internal-openshift-hosted: "true" include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" ApprovedPRNumber: https://github.com/openshift/api/pull/1032 CRDName: machinehealthchecks.machine.openshift.io Capability: MachineAPI Category: "" FeatureGates: [] + FilenameOperatorName: machine-api + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: machine.openshift.io HasStatus: true KindName: MachineHealthCheck @@ -87,7 +90,6 @@ machinehealthchecks.machine.openshift.io: ShortNames: - mhc - mhcs - TargetFilenamePattern: 0000_10_machinehealthcheckMARKERS.yaml TopLevelFeatureGates: [] Version: v1beta1 @@ -95,12 +97,14 @@ machinesets.machine.openshift.io: Annotations: exclude.release.openshift.io/internal-openshift-hosted: "true" include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" ApprovedPRNumber: https://github.com/openshift/api/pull/1032 CRDName: machinesets.machine.openshift.io Capability: MachineAPI Category: "" FeatureGates: [] + FilenameOperatorName: machine-api + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: machine.openshift.io HasStatus: true KindName: MachineSet @@ -129,7 +133,6 @@ machinesets.machine.openshift.io: type: date Scope: Namespaced ShortNames: null - TargetFilenamePattern: 0000_10_machinesetMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1beta1 diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_containerruntimeconfig.crd.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_containerruntimeconfig.crd.yaml deleted file mode 100644 index 02ac99c36dc..00000000000 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_containerruntimeconfig.crd.yaml +++ /dev/null @@ -1,180 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1453 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - labels: - openshift.io/operator-managed: "" - name: containerruntimeconfigs.machineconfiguration.openshift.io -spec: - group: machineconfiguration.openshift.io - names: - kind: ContainerRuntimeConfig - listKind: ContainerRuntimeConfigList - plural: containerruntimeconfigs - shortNames: - - ctrcfg - singular: containerruntimeconfig - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ContainerRuntimeConfig describes a customized Container Runtime - configuration. \n Compatibility level 1: Stable within a major release for - a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ContainerRuntimeConfigSpec defines the desired state of ContainerRuntimeConfig - properties: - containerRuntimeConfig: - description: ContainerRuntimeConfiguration defines the tuneables of - the container runtime - properties: - defaultRuntime: - description: defaultRuntime is the name of the OCI runtime to - be used as the default. - type: string - logLevel: - description: logLevel specifies the verbosity of the logs based - on the level it is set to. Options are fatal, panic, error, - warn, info, and debug. - type: string - logSizeMax: - anyOf: - - type: integer - - type: string - description: logSizeMax specifies the Maximum size allowed for - the container log file. Negative numbers indicate that no size - limit is imposed. If it is positive, it must be >= 8192 to match/exceed - conmon's read buffer. - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - overlaySize: - anyOf: - - type: integer - - type: string - description: 'overlaySize specifies the maximum size of a container - image. This flag can be used to set quota on the size of container - images. (default: 10GB)' - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - pidsLimit: - description: pidsLimit specifies the maximum number of processes - allowed in a container - format: int64 - type: integer - type: object - machineConfigPoolSelector: - description: MachineConfigPoolSelector selects which pools the ContainerRuntimeConfig - shoud apply to. A nil selector will result in no pools being selected. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - containerRuntimeConfig - type: object - status: - description: ContainerRuntimeConfigStatus defines the observed state of - a ContainerRuntimeConfig - properties: - conditions: - description: conditions represents the latest available observations - of current state. - items: - description: ContainerRuntimeConfigCondition defines the state of - the ContainerRuntimeConfig - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status object. - format: date-time - nullable: true - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. - type: string - reason: - description: reason is the reason for the condition's last transition. Reasons - are PascalCase - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the state of the operator's reconciliation - functionality. - type: string - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration represents the generation observed - by the controller. - format: int64 - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig-CustomNoUpgrade.crd.yaml deleted file mode 100644 index 90d342e1d8e..00000000000 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig-CustomNoUpgrade.crd.yaml +++ /dev/null @@ -1,2694 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1453 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - labels: - openshift.io/operator-managed: "" - name: controllerconfigs.machineconfiguration.openshift.io -spec: - group: machineconfiguration.openshift.io - names: - kind: ControllerConfig - listKind: ControllerConfigList - plural: controllerconfigs - singular: controllerconfig - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ControllerConfig describes configuration for MachineConfigController. - This is currently only used to drive the MachineConfig objects generated - by the TemplateController. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ControllerConfigSpec is the spec for ControllerConfig resource. - properties: - additionalTrustBundle: - description: additionalTrustBundle is a certificate bundle that will - be added to the nodes trusted certificate store. - format: byte - nullable: true - type: string - baseOSContainerImage: - description: BaseOSContainerImage is the new-format container image - for operating system updates. - type: string - baseOSExtensionsContainerImage: - description: BaseOSExtensionsContainerImage is the matching extensions - container for the new-format container - type: string - cloudProviderCAData: - description: cloudProvider specifies the cloud provider CA data - format: byte - nullable: true - type: string - cloudProviderConfig: - description: cloudProviderConfig is the configuration for the given - cloud provider - type: string - clusterDNSIP: - description: clusterDNSIP is the cluster DNS IP address - type: string - dns: - description: dns holds the cluster dns details - nullable: true - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'metadata is the standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - spec: - description: spec holds user settable values for configuration - properties: - baseDomain: - description: "baseDomain is the base domain of the cluster. - All managed DNS records will be sub-domains of this base. - \n For example, given the base domain `openshift.example.com`, - an API server DNS record may be created for `cluster-api.openshift.example.com`. - \n Once set, this field cannot be changed." - type: string - platform: - description: platform holds configuration specific to the - underlying infrastructure provider for DNS. When omitted, - this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject - to change over time. - properties: - aws: - description: aws contains DNS configuration specific to - the Amazon Web Services cloud provider. - properties: - privateZoneIAMRole: - description: privateZoneIAMRole contains the ARN of - an IAM role that should be assumed when performing - operations on the cluster's private hosted zone - specified in the cluster DNS config. When left empty, - no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ - type: string - type: object - type: - description: "type is the underlying infrastructure provider - for the cluster. Allowed values: \"\", \"AWS\". \n Individual - components may not support all platforms, and must handle - unrecognized platforms with best-effort defaults." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - x-kubernetes-validations: - - message: allowed values are '' and 'AWS' - rule: self in ['','AWS'] - required: - - type - type: object - x-kubernetes-validations: - - message: aws configuration is required when platform is - AWS, and forbidden otherwise - rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) - : !has(self.aws)' - privateZone: - description: "privateZone is the location where all the DNS - records that are only available internally to the cluster - exist. \n If this field is nil, no private records should - be created. \n Once set, this field cannot be changed." - properties: - id: - description: "id is the identifier that can be used to - find the DNS hosted zone. \n on AWS zone can be fetched - using `ID` as id in [1] on Azure zone can be fetched - using `ID` as a pre-determined name in [2], on GCP zone - can be fetched using `ID` as a pre-determined name in - [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: - type: string - description: "tags can be used to query the DNS hosted - zone. \n on AWS, resourcegroupstaggingapi [1] can be - used to fetch a zone using `Tags` as tag-filters, \n - [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - publicZone: - description: "publicZone is the location where all the DNS - records that are publicly accessible to the internet exist. - \n If this field is nil, no public records should be created. - \n Once set, this field cannot be changed." - properties: - id: - description: "id is the identifier that can be used to - find the DNS hosted zone. \n on AWS zone can be fetched - using `ID` as id in [1] on Azure zone can be fetched - using `ID` as a pre-determined name in [2], on GCP zone - can be fetched using `ID` as a pre-determined name in - [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: - type: string - description: "tags can be used to query the DNS hosted - zone. \n on AWS, resourcegroupstaggingapi [1] can be - used to fetch a zone using `Tags` as tag-filters, \n - [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - type: object - status: - description: status holds observed values from the cluster. They - may not be overridden. - type: object - required: - - spec - type: object - x-kubernetes-embedded-resource: true - etcdDiscoveryDomain: - description: etcdDiscoveryDomain is deprecated, use Infra.Status.EtcdDiscoveryDomain - instead - type: string - imageRegistryBundleData: - description: imageRegistryBundleData is the ImageRegistryData - items: - description: ImageRegistryBundle contains information for writing - image registry certificates - properties: - data: - description: data holds the contents of the bundle that will - be written to the file location - format: byte - type: string - file: - description: file holds the name of the file where the bundle - will be written to disk - type: string - required: - - data - - file - type: object - type: array - x-kubernetes-list-type: atomic - imageRegistryBundleUserData: - description: imageRegistryBundleUserData is Image Registry Data provided - by the user - items: - description: ImageRegistryBundle contains information for writing - image registry certificates - properties: - data: - description: data holds the contents of the bundle that will - be written to the file location - format: byte - type: string - file: - description: file holds the name of the file where the bundle - will be written to disk - type: string - required: - - data - - file - type: object - type: array - x-kubernetes-list-type: atomic - images: - additionalProperties: - type: string - description: images is map of images that are used by the controller - to render templates under ./templates/ - type: object - infra: - description: infra holds the infrastructure details - nullable: true - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'metadata is the standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - spec: - description: spec holds user settable values for configuration - properties: - cloudConfig: - description: "cloudConfig is a reference to a ConfigMap containing - the cloud provider configuration file. This configuration - file is used to configure the Kubernetes cloud provider - integration when using the built-in cloud provider integration - or the external cloud controller manager. The namespace - for this config map is openshift-config. \n cloudConfig - should only be consumed by the kube_cloud_config controller. - The controller is responsible for using the user configuration - in the spec for various platforms and combining that with - the user provided ConfigMap in this field to create a stitched - kube cloud config. The controller generates a ConfigMap - `kube-cloud-config` in `openshift-config-managed` namespace - with the kube cloud config is stored in `cloud.conf` key. - All the clients are expected to use the generated ConfigMap - only." - properties: - key: - description: Key allows pointing to a specific key/value - inside of the configmap. This is useful for logical - file references. - type: string - name: - type: string - type: object - platformSpec: - description: platformSpec holds desired information specific - to the underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to - the Alibaba Cloud infrastructure provider. - type: object - aws: - description: AWS contains settings specific to the Amazon - Web Services infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints list contains custom - endpoints which will override default service endpoint - of AWS Services. There must be only one ServiceEndpoint - for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults - of AWS Services. - properties: - name: - description: name is the name of the AWS service. - The list of all the service names can be found - at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure - infrastructure provider. - type: object - baremetal: - description: BareMetal contains settings specific to the - BareMetal platform. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. - When omitted, values from the status.apiServerInternalIPs - will be used. Once set, the list cannot be completely - removed (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most - one IPv4 address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IP addresses, one - from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. - Once set, the list cannot be completely removed - (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. Each - network is provided in the CIDR format and should - be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once - set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - equinixMetal: - description: EquinixMetal contains settings specific to - the Equinix Metal infrastructure provider. - type: object - external: - description: ExternalPlatformType represents generic infrastructure - provider. Platform-specific components should be supplemented - separately. - properties: - platformName: - default: Unknown - description: PlatformName holds the arbitrary string - representing the infrastructure provider name, expected - to be set at the installation time. This field is - solely for informational and reporting purposes - and is not expected to be used for decision-making. - type: string - x-kubernetes-validations: - - message: platform name cannot be changed once set - rule: oldSelf == 'Unknown' || self == oldSelf - type: object - gcp: - description: GCP contains settings specific to the Google - Cloud Platform infrastructure provider. - type: object - ibmcloud: - description: IBMCloud contains settings specific to the - IBMCloud infrastructure provider. - type: object - kubevirt: - description: Kubevirt contains settings specific to the - kubevirt infrastructure provider. - type: object - nutanix: - description: Nutanix contains settings specific to the - Nutanix infrastructure provider. - properties: - failureDomains: - description: failureDomains configures failure domains - information for the Nutanix platform. When set, - the failure domains defined here may be used to - spread Machines across prism element clusters to - improve fault tolerance of the cluster. - items: - description: NutanixFailureDomain configures failure - domain information for the Nutanix platform. - properties: - cluster: - description: cluster is to identify the cluster - (the Prism Element under management of the - Prism Central), in which the Machine's VM - will be created. The cluster identifier (uuid - or name) can be obtained from the Prism Central - console or using the prism_central API. - properties: - name: - description: name is the resource name in - the PC. It cannot be empty if the type - is Name. - type: string - type: - description: type is the identifier type - to use for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource - in the PC. It cannot be empty if the type - is UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when - type is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' - ? has(self.uuid) : !has(self.uuid)' - - message: name configuration is required when - type is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' - ? has(self.name) : !has(self.name)' - name: - description: name defines the unique name of - a failure domain. Name is required and must - be at most 64 characters in length. It must - consist of only lower case alphanumeric characters - and hyphens (-). It must start and end with - an alphanumeric character. This value is arbitrary - and is used to identify the failure domain - within the platform. - maxLength: 64 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - type: string - subnets: - description: subnets holds a list of identifiers - (one or more) of the cluster's network subnets - for the Machine's VM to connect to. The subnet - identifiers (uuid or name) can be obtained - from the Prism Central console or using the - prism_central API. - items: - description: NutanixResourceIdentifier holds - the identity of a Nutanix PC resource (cluster, - image, subnet, etc.) - properties: - name: - description: name is the resource name - in the PC. It cannot be empty if the - type is Name. - type: string - type: - description: type is the identifier type - to use for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource - in the PC. It cannot be empty if the - type is UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required - when type is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' - ? has(self.uuid) : !has(self.uuid)' - - message: name configuration is required - when type is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' - ? has(self.name) : !has(self.name)' - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - required: - - cluster - - name - - subnets - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - prismCentral: - description: prismCentral holds the endpoint address - and port to access the Nutanix Prism Central. When - a cluster-wide proxy is installed, by default, this - endpoint will be accessed via the proxy. Should - you wish for communication with this endpoint not - to be proxied, please add the endpoint to the proxy - spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS - name or IP address) of the Nutanix Prism Central - or Element (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access - the Nutanix Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - prismElements: - description: prismElements holds one or more endpoint - address and port data to access the Nutanix Prism - Elements (clusters) of the Nutanix Prism Central. - Currently we only support one Prism Element (cluster) - for an OpenShift cluster, where all the Nutanix - resources (VMs, subnets, volumes, etc.) used in - the OpenShift cluster are located. In the future, - we may support Nutanix resources (VMs, etc.) spread - over multiple Prism Elements (clusters) of the Prism - Central. - items: - description: NutanixPrismElementEndpoint holds the - name and endpoint data for a Prism Element (cluster) - properties: - endpoint: - description: endpoint holds the endpoint address - and port data of the Prism Element (cluster). - When a cluster-wide proxy is installed, by - default, this endpoint will be accessed via - the proxy. Should you wish for communication - with this endpoint not to be proxied, please - add the endpoint to the proxy spec.noProxy - list. - properties: - address: - description: address is the endpoint address - (DNS name or IP address) of the Nutanix - Prism Central or Element (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to - access the Nutanix Prism Central or Element - (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - name: - description: name is the name of the Prism Element - (cluster). This value will correspond with - the cluster field configured on other resources - (eg Machines, PVCs, etc). - maxLength: 256 - type: string - required: - - endpoint - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - prismCentral - - prismElements - type: object - openstack: - description: OpenStack contains settings specific to the - OpenStack infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. - When omitted, values from the status.apiServerInternalIPs - will be used. Once set, the list cannot be completely - removed (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most - one IPv4 address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IP addresses, one - from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. - Once set, the list cannot be completely removed - (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. Each - network is provided in the CIDR format and should - be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once - set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - ovirt: - description: Ovirt contains settings specific to the oVirt - infrastructure provider. - type: object - powervs: - description: PowerVS contains settings specific to the - IBM Power Systems Virtual Servers infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints is a list of custom - endpoints which will override the default service - endpoints of a Power VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults - of PowerVS Services. - properties: - name: - description: name is the name of the Power VS - service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: - description: type is the underlying infrastructure provider - for the cluster. This value controls whether infrastructure - automation such as service load balancers, dynamic volume - provisioning, machine creation and deletion, and other - integrations are enabled. If None, no infrastructure - automation is enabled. Allowed values are "AWS", "Azure", - "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", - "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", - "Nutanix" and "None". Individual components may not - support all platforms, and must handle unrecognized - platforms as None if they do not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the - VSphere infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. - When omitted, values from the status.apiServerInternalIPs - will be used. Once set, the list cannot be completely - removed (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most - one IPv4 address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - failureDomains: - description: failureDomains contains the definition - of region, zone and the vCenter topology. If this - is omitted failure domains (regions and zones) will - not be used. - items: - description: VSpherePlatformFailureDomainSpec holds - the region and zone failure domain and the vCenter - topology of that failure domain. - properties: - name: - description: name defines the arbitrary but - unique name of a failure domain. - maxLength: 256 - minLength: 1 - type: string - region: - description: region defines the name of a region - tag that will be attached to a vCenter datacenter. - The tag category in vCenter must be named - openshift-region. - maxLength: 80 - minLength: 1 - type: string - server: - description: server is the fully-qualified domain - name or the IP address of the vCenter server. - --- - maxLength: 255 - minLength: 1 - type: string - topology: - description: Topology describes a given failure - domain using vSphere constructs - properties: - computeCluster: - description: computeCluster the absolute - path of the vCenter cluster in which virtual - machine will be located. The absolute - path is of the form //host/. - The maximum length of the path is 2048 - characters. - maxLength: 2048 - pattern: ^/.*?/host/.*? - type: string - datacenter: - description: datacenter is the name of vCenter - datacenter in which virtual machines will - be located. The maximum length of the - datacenter name is 80 characters. - maxLength: 80 - type: string - datastore: - description: datastore is the absolute path - of the datastore in which the virtual - machine is located. The absolute path - is of the form //datastore/ - The maximum length of the path is 2048 - characters. - maxLength: 2048 - pattern: ^/.*?/datastore/.*? - type: string - folder: - description: folder is the absolute path - of the folder where virtual machines are - located. The absolute path is of the form - //vm/. The maximum - length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/vm/.*? - type: string - networks: - description: networks is the list of port - group network names within this failure - domain. Currently, we only support a single - interface per RHCOS virtual machine. The - available networks (port groups) can be - listed using `govc ls 'network/*'` The - single interface should be the absolute - path of the form //network/. - items: - type: string - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - resourcePool: - description: resourcePool is the absolute - path of the resource pool where virtual - machines will be created. The absolute - path is of the form //host//Resources/. - The maximum length of the path is 2048 - characters. - maxLength: 2048 - pattern: ^/.*?/host/.*?/Resources.* - type: string - template: - description: "template is the full inventory - path of the virtual machine or template - that will be cloned when creating new - machines in this failure domain. The maximum - length of the path is 2048 characters. - \n When omitted, the template will be - calculated by the control plane machineset - operator based on the region and zone - defined in VSpherePlatformFailureDomainSpec. - For example, for zone=zonea, region=region1, - and infrastructure name=test, the template - path would be calculated as //vm/test-rhcos-region1-zonea." - maxLength: 2048 - minLength: 1 - pattern: ^/.*?/vm/.*? - type: string - required: - - computeCluster - - datacenter - - datastore - - networks - type: object - zone: - description: zone defines the name of a zone - tag that will be attached to a vCenter cluster. - The tag category in vCenter must be named - openshift-zone. - maxLength: 80 - minLength: 1 - type: string - required: - - name - - region - - server - - topology - - zone - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IP addresses, one - from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. - Once set, the list cannot be completely removed - (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. Each - network is provided in the CIDR format and should - be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeNetworking: - description: nodeNetworking contains the definition - of internal and external network constraints for - assigning the node's networking. If this field is - omitted, networking defaults to the legacy address - selection behavior which is to only support a single - address and return the first one found. - properties: - external: - description: external represents the network configuration - of the node that is externally routable. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's - VM for use in the status.addresses fields. - --- - items: - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network - names that will be used to when searching - for status.addresses fields. Note that if - internal.networkSubnetCIDR and external.networkSubnetCIDR - are not set, then the vNIC associated to - this network must only have a single IP - address assigned to it. The available networks - (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address - on VirtualMachine's network interfaces included - in the fields' CIDRs that will be used in - respective status.addresses fields. --- - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - internal: - description: internal represents the network configuration - of the node that is routable only within the - cluster. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's - VM for use in the status.addresses fields. - --- - items: - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network - names that will be used to when searching - for status.addresses fields. Note that if - internal.networkSubnetCIDR and external.networkSubnetCIDR - are not set, then the vNIC associated to - this network must only have a single IP - address assigned to it. The available networks - (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address - on VirtualMachine's network interfaces included - in the fields' CIDRs that will be used in - respective status.addresses fields. --- - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - type: object - vcenters: - description: vcenters holds the connection details - for services to communicate with vCenter. Currently, - only a single vCenter is supported. --- - items: - description: VSpherePlatformVCenterSpec stores the - vCenter connection fields. This is used by the - vSphere CCM. - properties: - datacenters: - description: The vCenter Datacenters in which - the RHCOS vm guests are located. This field - will be used by the Cloud Controller Manager. - Each datacenter listed here should be used - within a topology. - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - port: - description: port is the TCP port that will - be used to communicate to the vCenter endpoint. - When omitted, this means the user has no opinion - and it is up to the platform to choose a sensible - default, which is subject to change over time. - format: int32 - maximum: 32767 - minimum: 1 - type: integer - server: - description: server is the fully-qualified domain - name or the IP address of the vCenter server. - --- - maxLength: 255 - type: string - required: - - datacenters - - server - type: object - maxItems: 1 - minItems: 0 - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once - set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - type: object - type: object - status: - description: status holds observed values from the cluster. They - may not be overridden. - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme - 'https', address and optionally a port (defaulting to 443). apiServerInternalURL - can be used by components like kubelets, to contact the - Kubernetes API server using the infrastructure provider - rather than Kubernetes networking. - type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme 'https', - address and optionally a port (defaulting to 443). apiServerURL - can be used by components like the web console to tell users - where to find the Kubernetes API. - type: string - controlPlaneTopology: - default: HighlyAvailable - description: controlPlaneTopology expresses the expectations - for operands that normally run on control nodes. The default - is 'HighlyAvailable', which represents the behavior operators - have in a "normal" cluster. The 'SingleReplica' mode will - be used in single-node deployments and the operators should - not configure the operand for highly-available operation - The 'External' mode indicates that the control plane is - hosted externally to the cluster and that its components - are not visible within the cluster. - enum: - - HighlyAvailable - - SingleReplica - - External - type: string - cpuPartitioning: - default: None - description: cpuPartitioning expresses if CPU partitioning - is a currently enabled feature in the cluster. CPU Partitioning - means that this cluster can support partitioning workloads - to specific CPU Sets. Valid values are "None" and "AllNodes". - When omitted, the default value is "None". The default value - of "None" indicates that no nodes will be setup with CPU - partitioning. The "AllNodes" value indicates that all nodes - have been setup with CPU partitioning, and can then be further - configured via the PerformanceProfile API. - enum: - - None - - AllNodes - type: string - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch - the SRV records for discovering etcd servers and clients. - For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery - deprecated: as of 4.7, this field is no longer set or honored. It - will be removed in a future release.' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster - with a human friendly name. Once set it should not be changed. - Must be of max length 27 and must have only alphanumeric - or hyphen characters. - type: string - infrastructureTopology: - default: HighlyAvailable - description: 'infrastructureTopology expresses the expectations - for infrastructure services that do not run on control plane - nodes, usually indicated by a node selector for a `role` - value other than `master`. The default is ''HighlyAvailable'', - which represents the behavior operators have in a "normal" - cluster. The ''SingleReplica'' mode will be used in single-node - deployments and the operators should not configure the operand - for highly-available operation NOTE: External topology mode - is not applicable for this field.' - enum: - - HighlyAvailable - - SingleReplica - type: string - platform: - description: "platform is the underlying infrastructure provider - for the cluster. \n Deprecated: Use platformStatus.type - instead." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - platformStatus: - description: platformStatus holds status information specific - to the underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to - the Alibaba Cloud infrastructure provider. - properties: - region: - description: region specifies the region for Alibaba - Cloud resources created for the cluster. - pattern: ^[0-9A-Za-z-]+$ - type: string - resourceGroupID: - description: resourceGroupID is the ID of the resource - group for the cluster. - pattern: ^(rg-[0-9A-Za-z]+)?$ - type: string - resourceTags: - description: resourceTags is a list of additional - tags to apply to Alibaba Cloud resources created - for the cluster. - items: - description: AlibabaCloudResourceTag is the set - of tags to add to apply to resources. - properties: - key: - description: key is the key of the tag. - maxLength: 128 - minLength: 1 - type: string - value: - description: value is the value of the tag. - maxLength: 128 - minLength: 1 - type: string - required: - - key - - value - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - required: - - region - type: object - aws: - description: AWS contains settings specific to the Amazon - Web Services infrastructure provider. - properties: - region: - description: region holds the default AWS region for - new AWS resources created by the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional - tags to apply to AWS resources created for the cluster. - See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html - for information on tagging AWS resources. AWS supports - a maximum of 50 tags per resource. OpenShift reserves - 25 tags for its use, leaving 25 tags available for - the user. - items: - description: AWSResourceTag is a tag to apply to - AWS resources created for the cluster. - properties: - key: - description: key is the key of the tag - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: value is the value of the tag. - Some AWS service do not support empty values. - Since tags are added to resources in many - services, the length of the tag value must - meet the requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - x-kubernetes-list-type: atomic - serviceEndpoints: - description: ServiceEndpoints list contains custom - endpoints which will override default service endpoint - of AWS Services. There must be only one ServiceEndpoint - for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults - of AWS Services. - properties: - name: - description: name is the name of the AWS service. - The list of all the service names can be found - at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure - infrastructure provider. - properties: - armEndpoint: - description: armEndpoint specifies a URL to use for - resource management in non-soverign clouds such - as Azure Stack. - type: string - cloudName: - description: cloudName is the name of the Azure cloud - environment which can be used to configure the Azure - SDK with the appropriate Azure API endpoints. If - empty, the value is equal to `AzurePublicCloud`. - enum: - - "" - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureStackCloud - type: string - networkResourceGroupName: - description: networkResourceGroupName is the Resource - Group for network resources like the Virtual Network - and Subnets used by the cluster. If empty, the value - is same as ResourceGroupName. - type: string - resourceGroupName: - description: resourceGroupName is the Resource Group - for new Azure resources created for the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional - tags to apply to Azure resources created for the - cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags - for information on tagging Azure resources. Due - to limitations on Automation, Content Delivery Network, - DNS Azure resources, a maximum of 15 tags may be - applied. OpenShift reserves 5 tags for internal - use, allowing 10 tags for user configuration. - items: - description: AzureResourceTag is a tag to apply - to Azure resources created for the cluster. - properties: - key: - description: key is the key part of the tag. - A tag key can have a maximum of 128 characters - and cannot be empty. Key must begin with a - letter, end with a letter, number or underscore, - and must contain only alphanumeric characters - and the following special characters `_ . - -`. - maxLength: 128 - minLength: 1 - pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ - type: string - value: - description: 'value is the value part of the - tag. A tag value can have a maximum of 256 - characters and cannot be empty. Value must - contain only alphanumeric characters and the - following special characters `_ + , - . / - : ; < = > ? @`.' - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 10 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: resourceTags are immutable and may only - be configured during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, - x in self) - type: object - x-kubernetes-validations: - - message: resourceTags may only be configured during - installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - baremetal: - description: BareMetal contains settings specific to the - BareMetal platform. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on BareMetal platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by - the DNS operator, `NodeDNSIP` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for BareMetal deployments. In order to minimize - necessary changes to the datacenter DNS, a DNS service - is hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string - type: object - equinixMetal: - description: EquinixMetal contains settings specific to - the Equinix Metal infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. - type: string - type: object - external: - description: External contains settings specific to the - generic External infrastructure provider. - properties: - cloudControllerManager: - description: cloudControllerManager contains settings - specific to the external Cloud Controller Manager - (a.k.a. CCM or CPI). When omitted, new nodes will - be not tainted and no extra initialization from - the cloud controller manager is expected. - properties: - state: - description: "state determines whether or not - an external Cloud Controller Manager is expected - to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager - \n Valid values are \"External\", \"None\" and - omitted. When set to \"External\", new nodes - will be tainted as uninitialized when created, - preventing them from running workloads until - they are initialized by the cloud controller - manager. When omitted or set to \"None\", new - nodes will be not tainted and no extra initialization - from the cloud controller manager is expected." - enum: - - "" - - External - - None - type: string - x-kubernetes-validations: - - message: state is immutable once set - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: state may not be added or removed once - set - rule: (has(self.state) == has(oldSelf.state)) || - (!has(oldSelf.state) && self.state != "External") - type: object - x-kubernetes-validations: - - message: cloudControllerManager may not be added or - removed once set - rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) - gcp: - description: GCP contains settings specific to the Google - Cloud Platform infrastructure provider. - properties: - cloudLoadBalancerConfig: - default: - dnsType: PlatformDefault - description: cloudLoadBalancerConfig is a union that - contains the IP addresses of API, API-Int and Ingress - Load Balancers created on the cloud platform. These - values would not be populated on on-prem platforms. - These Load Balancer IPs are used to configure the - in-cluster DNS instances for API, API-Int and Ingress - services. `dnsType` is expected to be set to `ClusterHosted` - when these Load Balancer IP addresses are populated - and used. - nullable: true - properties: - clusterHosted: - description: clusterHosted holds the IP addresses - of API, API-Int and Ingress Load Balancers on - Cloud Platforms. The DNS solution hosted within - the cluster use these IP addresses to provide - resolution for API, API-Int and Ingress services. - properties: - apiIntLoadBalancerIPs: - description: apiIntLoadBalancerIPs holds Load - Balancer IPs for the internal API service. - These Load Balancer IP addresses can be - IPv4 and/or IPv6 addresses. Entries in the - apiIntLoadBalancerIPs must be unique. A - maximum of 16 IP addresses are permitted. - format: ip - items: - description: IP is an IP address (for example, - "10.0.0.0" or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - apiLoadBalancerIPs: - description: apiLoadBalancerIPs holds Load - Balancer IPs for the API service. These - Load Balancer IP addresses can be IPv4 and/or - IPv6 addresses. Could be empty for private - clusters. Entries in the apiLoadBalancerIPs - must be unique. A maximum of 16 IP addresses - are permitted. - format: ip - items: - description: IP is an IP address (for example, - "10.0.0.0" or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - ingressLoadBalancerIPs: - description: ingressLoadBalancerIPs holds - IPs for Ingress Load Balancers. These Load - Balancer IP addresses can be IPv4 and/or - IPv6 addresses. Entries in the ingressLoadBalancerIPs - must be unique. A maximum of 16 IP addresses - are permitted. - format: ip - items: - description: IP is an IP address (for example, - "10.0.0.0" or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - type: object - dnsType: - default: PlatformDefault - description: dnsType indicates the type of DNS - solution in use within the cluster. Its default - value of `PlatformDefault` indicates that the - cluster's DNS is the default provided by the - cloud platform. It can be set to `ClusterHosted` - to bypass the configuration of the cloud default - DNS. In this mode, the cluster needs to provide - a self-hosted DNS solution for the cluster's - installation to succeed. The cluster's use of - the cloud's Load Balancers is unaffected by - this setting. The value is immutable after it - has been set at install time. Currently, there - is no way for the customer to add additional - DNS entries into the cluster hosted DNS. Enabling - this functionality allows the user to start - their own DNS solution outside the cluster after - installation is complete. The customer would - be responsible for configuring this custom DNS - solution, and it can be run in addition to the - in-cluster DNS solution. - enum: - - ClusterHosted - - PlatformDefault - type: string - x-kubernetes-validations: - - message: dnsType is immutable - rule: oldSelf == '' || self == oldSelf - type: object - x-kubernetes-validations: - - message: clusterHosted is permitted only when dnsType - is ClusterHosted - rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted'' - ? !has(self.clusterHosted) : true' - projectID: - description: resourceGroupName is the Project ID for - new GCP resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources - created for the cluster. - type: string - resourceLabels: - description: resourceLabels is a list of additional - labels to apply to GCP resources created for the - cluster. See https://cloud.google.com/compute/docs/labeling-resources - for information on labeling GCP resources. GCP supports - a maximum of 64 labels per resource. OpenShift reserves - 32 labels for internal use, allowing 32 labels for - user configuration. - items: - description: GCPResourceLabel is a label to apply - to GCP resources created for the cluster. - properties: - key: - description: key is the key part of the label. - A label key can have a maximum of 63 characters - and cannot be empty. Label key must begin - with a lowercase letter, and must contain - only lowercase letters, numeric characters, - and the following special characters `_-`. - Label key must not have the reserved prefixes - `kubernetes-io` and `openshift-io`. - maxLength: 63 - minLength: 1 - pattern: ^[a-z][0-9a-z_-]{0,62}$ - type: string - x-kubernetes-validations: - - message: label keys must not start with either - `openshift-io` or `kubernetes-io` - rule: '!self.startsWith(''openshift-io'') - && !self.startsWith(''kubernetes-io'')' - value: - description: value is the value part of the - label. A label value can have a maximum of - 63 characters and cannot be empty. Value must - contain only lowercase letters, numeric characters, - and the following special characters `_-`. - maxLength: 63 - minLength: 1 - pattern: ^[0-9a-z_-]{1,63}$ - type: string - required: - - key - - value - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: resourceLabels are immutable and may only - be configured during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, - x in self) - resourceTags: - description: resourceTags is a list of additional - tags to apply to GCP resources created for the cluster. - See https://cloud.google.com/resource-manager/docs/tags/tags-overview - for information on tagging GCP resources. GCP supports - a maximum of 50 tags per resource. - items: - description: GCPResourceTag is a tag to apply to - GCP resources created for the cluster. - properties: - key: - description: key is the key part of the tag. - A tag key can have a maximum of 63 characters - and cannot be empty. Tag key must begin and - end with an alphanumeric character, and must - contain only uppercase, lowercase alphanumeric - characters, and the following special characters - `._-`. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ - type: string - parentID: - description: 'parentID is the ID of the hierarchical - resource where the tags are defined, e.g. - at the Organization or the Project level. - To find the Organization or Project ID refer - to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, - https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. - An OrganizationID must consist of decimal - numbers, and cannot have leading zeroes. A - ProjectID must be 6 to 30 characters in length, - can only contain lowercase letters, numbers, - and hyphens, and must start with a letter, - and cannot end with a hyphen.' - maxLength: 32 - minLength: 1 - pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) - type: string - value: - description: value is the value part of the - tag. A tag value can have a maximum of 63 - characters and cannot be empty. Tag value - must begin and end with an alphanumeric character, - and must contain only uppercase, lowercase - alphanumeric characters, and the following - special characters `_-.@%=+:,*#&(){}[]` and - spaces. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ - type: string - required: - - key - - parentID - - value - type: object - maxItems: 50 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: resourceTags are immutable and may only - be configured during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, - x in self) - type: object - x-kubernetes-validations: - - message: resourceLabels may only be configured during - installation - rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) - || has(oldSelf.resourceLabels) && has(self.resourceLabels)' - - message: resourceTags may only be configured during - installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - ibmcloud: - description: IBMCloud contains settings specific to the - IBMCloud infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud - Internet Services instance managing the DNS zone - for the cluster's base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS - Services instance managing the DNS zone for the - cluster's base domain - type: string - location: - description: Location is where the cluster has been - deployed - type: string - providerType: - description: ProviderType indicates the type of cluster - that was created - type: string - resourceGroupName: - description: ResourceGroupName is the Resource Group - for new IBMCloud resources created for the cluster. - type: string - serviceEndpoints: - description: serviceEndpoints is a list of custom - endpoints which will override the default service - endpoints of an IBM Cloud service. These endpoints - are consumed by components within the cluster to - reach the respective IBM Cloud Services. - items: - description: IBMCloudServiceEndpoint stores the - configuration of a custom url to override existing - defaults of IBM Cloud Services. - properties: - name: - description: 'name is the name of the IBM Cloud - service. Possible values are: CIS, COS, DNSServices, - GlobalSearch, GlobalTagging, HyperProtect, - IAM, KeyProtect, ResourceController, ResourceManager, - or VPC. For example, the IBM Cloud Private - IAM service could be configured with the service - `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` - Whereas the IBM Cloud Private VPC service - for US South (Dallas) could be configured - with the service `name` of `VPC` and `url` - of `https://us.south.private.iaas.cloud.ibm.com`' - enum: - - CIS - - COS - - DNSServices - - GlobalSearch - - GlobalTagging - - HyperProtect - - IAM - - KeyProtect - - ResourceController - - ResourceManager - - VPC - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - type: string - x-kubernetes-validations: - - message: url must be a valid absolute URL - rule: isURL(self) - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - kubevirt: - description: Kubevirt contains settings specific to the - kubevirt infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. - type: string - type: object - nutanix: - description: Nutanix contains settings specific to the - Nutanix infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on Nutanix platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - type: object - openstack: - description: OpenStack contains settings specific to the - OpenStack infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - cloudName: - description: cloudName is the name of the desired - OpenStack cloud in the client configuration file - (`clouds.yaml`). - type: string - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on OpenStack platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by - the DNS operator, `NodeDNSIP` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for OpenStack deployments. In order to minimize - necessary changes to the datacenter DNS, a DNS service - is hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string - type: object - ovirt: - description: Ovirt contains settings specific to the oVirt - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on Ovirt platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - nodeDNSIP: - description: 'deprecated: as of 4.6, this field is - no longer set or honored. It will be removed in - a future release.' - type: string - type: object - powervs: - description: PowerVS contains settings specific to the - Power Systems Virtual Servers infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud - Internet Services instance managing the DNS zone - for the cluster's base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS - Services instance managing the DNS zone for the - cluster's base domain - type: string - region: - description: region holds the default Power VS region - for new Power VS resources created by the cluster. - type: string - resourceGroup: - description: 'resourceGroup is the resource group - name for new IBMCloud resources created for a cluster. - The resource group specified here will be used by - cluster-image-registry-operator to set up a COS - Instance in IBMCloud for the cluster registry. More - about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. - When omitted, the image registry operator won''t - be able to configure storage, which results in the - image registry cluster operator not being in an - available state.' - maxLength: 40 - pattern: ^[a-zA-Z0-9-_ ]+$ - type: string - x-kubernetes-validations: - - message: resourceGroup is immutable once set - rule: oldSelf == '' || self == oldSelf - serviceEndpoints: - description: serviceEndpoints is a list of custom - endpoints which will override the default service - endpoints of a Power VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults - of PowerVS Services. - properties: - name: - description: name is the name of the Power VS - service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - zone: - description: 'zone holds the default zone for the - new Power VS resources created by the cluster. Note: - Currently only single-zone OCP clusters are supported' - type: string - type: object - x-kubernetes-validations: - - message: cannot unset resourceGroup once set - rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)' - type: - description: "type is the underlying infrastructure provider - for the cluster. This value controls whether infrastructure - automation such as service load balancers, dynamic volume - provisioning, machine creation and deletion, and other - integrations are enabled. If None, no infrastructure - automation is enabled. Allowed values are \"AWS\", \"Azure\", - \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", - \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", - \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual - components may not support all platforms, and must handle - unrecognized platforms as None if they do not support - that platform. \n This value will be synced with to - the `status.platform` and `status.platformStatus.type`. - Currently this value cannot be changed once set." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the - VSphere infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on VSphere platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by - the DNS operator, `NodeDNSIP` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for vSphere deployments. In order to minimize necessary - changes to the datacenter DNS, a DNS service is - hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string - type: object - type: object - type: object - required: - - spec - type: object - x-kubernetes-embedded-resource: true - internalRegistryPullSecret: - description: internalRegistryPullSecret is the pull secret for the - internal registry, used by rpm-ostree to pull images from the internal - registry if present - format: byte - nullable: true - type: string - ipFamilies: - description: ipFamilies indicates the IP families in use by the cluster - network - type: string - kubeAPIServerServingCAData: - description: kubeAPIServerServingCAData managed Kubelet to API Server - Cert... Rotated automatically - format: byte - type: string - network: - description: Network contains additional network related information - nullable: true - properties: - mtuMigration: - description: MTUMigration contains the MTU migration configuration. - nullable: true - properties: - machine: - description: Machine contains MTU migration configuration - for the machine's uplink. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: Network contains MTU migration configuration - for the default network. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - type: object - required: - - mtuMigration - type: object - networkType: - description: 'networkType holds the type of network the cluster is - using XXX: this is temporary and will be dropped as soon as possible - in favor of a better support to start network related services the - proper way. Nobody is also changing this once the cluster is up - and running the first time, so, disallow regeneration if this changes.' - type: string - osImageURL: - description: OSImageURL is the old-format container image that contains - the OS update payload. - type: string - platform: - description: platform is deprecated, use Infra.Status.PlatformStatus.Type - instead - type: string - proxy: - description: proxy holds the current proxy configuration for the nodes - nullable: true - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or - CIDRs for which the proxy should not be used. - type: string - type: object - pullSecret: - description: pullSecret is the default pull secret that needs to be - installed on all machines. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - x-kubernetes-map-type: atomic - releaseImage: - description: releaseImage is the image used when installing the cluster - type: string - rootCAData: - description: rootCAData specifies the root CA data - format: byte - type: string - required: - - additionalTrustBundle - - baseOSContainerImage - - cloudProviderCAData - - cloudProviderConfig - - clusterDNSIP - - dns - - images - - infra - - ipFamilies - - kubeAPIServerServingCAData - - network - - proxy - - releaseImage - - rootCAData - type: object - status: - description: ControllerConfigStatus is the status for ControllerConfig - properties: - conditions: - description: conditions represents the latest available observations - of current state. - items: - description: ControllerConfigStatusCondition contains condition - information for ControllerConfigStatus - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status object. - format: date-time - nullable: true - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. - type: string - reason: - description: reason is the reason for the condition's last transition. Reasons - are PascalCase - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the state of the operator's reconciliation - functionality. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-type: atomic - controllerCertificates: - description: controllerCertificates represents the latest available - observations of the automatically rotating certificates in the MCO. - items: - description: ControllerCertificate contains info about a specific - cert. - properties: - bundleFile: - description: bundleFile is the larger bundle a cert comes from - type: string - notAfter: - description: notAfter is the upper boundary for validity - format: date-time - type: string - notBefore: - description: notBefore is the lower boundary for validity - format: date-time - type: string - signer: - description: signer is the cert Issuer - type: string - subject: - description: subject is the cert subject - type: string - required: - - bundleFile - - signer - - subject - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration represents the generation observed - by the controller. - format: int64 - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig-Default.crd.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig-Default.crd.yaml deleted file mode 100644 index d4f05b83943..00000000000 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig-Default.crd.yaml +++ /dev/null @@ -1,2458 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1453 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - labels: - openshift.io/operator-managed: "" - name: controllerconfigs.machineconfiguration.openshift.io -spec: - group: machineconfiguration.openshift.io - names: - kind: ControllerConfig - listKind: ControllerConfigList - plural: controllerconfigs - singular: controllerconfig - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ControllerConfig describes configuration for MachineConfigController. - This is currently only used to drive the MachineConfig objects generated - by the TemplateController. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ControllerConfigSpec is the spec for ControllerConfig resource. - properties: - additionalTrustBundle: - description: additionalTrustBundle is a certificate bundle that will - be added to the nodes trusted certificate store. - format: byte - nullable: true - type: string - baseOSContainerImage: - description: BaseOSContainerImage is the new-format container image - for operating system updates. - type: string - baseOSExtensionsContainerImage: - description: BaseOSExtensionsContainerImage is the matching extensions - container for the new-format container - type: string - cloudProviderCAData: - description: cloudProvider specifies the cloud provider CA data - format: byte - nullable: true - type: string - cloudProviderConfig: - description: cloudProviderConfig is the configuration for the given - cloud provider - type: string - clusterDNSIP: - description: clusterDNSIP is the cluster DNS IP address - type: string - dns: - description: dns holds the cluster dns details - nullable: true - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'metadata is the standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - spec: - description: spec holds user settable values for configuration - properties: - baseDomain: - description: "baseDomain is the base domain of the cluster. - All managed DNS records will be sub-domains of this base. - \n For example, given the base domain `openshift.example.com`, - an API server DNS record may be created for `cluster-api.openshift.example.com`. - \n Once set, this field cannot be changed." - type: string - platform: - description: platform holds configuration specific to the - underlying infrastructure provider for DNS. When omitted, - this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject - to change over time. - properties: - aws: - description: aws contains DNS configuration specific to - the Amazon Web Services cloud provider. - properties: - privateZoneIAMRole: - description: privateZoneIAMRole contains the ARN of - an IAM role that should be assumed when performing - operations on the cluster's private hosted zone - specified in the cluster DNS config. When left empty, - no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ - type: string - type: object - type: - description: "type is the underlying infrastructure provider - for the cluster. Allowed values: \"\", \"AWS\". \n Individual - components may not support all platforms, and must handle - unrecognized platforms with best-effort defaults." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - x-kubernetes-validations: - - message: allowed values are '' and 'AWS' - rule: self in ['','AWS'] - required: - - type - type: object - x-kubernetes-validations: - - message: aws configuration is required when platform is - AWS, and forbidden otherwise - rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) - : !has(self.aws)' - privateZone: - description: "privateZone is the location where all the DNS - records that are only available internally to the cluster - exist. \n If this field is nil, no private records should - be created. \n Once set, this field cannot be changed." - properties: - id: - description: "id is the identifier that can be used to - find the DNS hosted zone. \n on AWS zone can be fetched - using `ID` as id in [1] on Azure zone can be fetched - using `ID` as a pre-determined name in [2], on GCP zone - can be fetched using `ID` as a pre-determined name in - [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: - type: string - description: "tags can be used to query the DNS hosted - zone. \n on AWS, resourcegroupstaggingapi [1] can be - used to fetch a zone using `Tags` as tag-filters, \n - [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - publicZone: - description: "publicZone is the location where all the DNS - records that are publicly accessible to the internet exist. - \n If this field is nil, no public records should be created. - \n Once set, this field cannot be changed." - properties: - id: - description: "id is the identifier that can be used to - find the DNS hosted zone. \n on AWS zone can be fetched - using `ID` as id in [1] on Azure zone can be fetched - using `ID` as a pre-determined name in [2], on GCP zone - can be fetched using `ID` as a pre-determined name in - [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: - type: string - description: "tags can be used to query the DNS hosted - zone. \n on AWS, resourcegroupstaggingapi [1] can be - used to fetch a zone using `Tags` as tag-filters, \n - [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - type: object - status: - description: status holds observed values from the cluster. They - may not be overridden. - type: object - required: - - spec - type: object - x-kubernetes-embedded-resource: true - etcdDiscoveryDomain: - description: etcdDiscoveryDomain is deprecated, use Infra.Status.EtcdDiscoveryDomain - instead - type: string - imageRegistryBundleData: - description: imageRegistryBundleData is the ImageRegistryData - items: - description: ImageRegistryBundle contains information for writing - image registry certificates - properties: - data: - description: data holds the contents of the bundle that will - be written to the file location - format: byte - type: string - file: - description: file holds the name of the file where the bundle - will be written to disk - type: string - required: - - data - - file - type: object - type: array - x-kubernetes-list-type: atomic - imageRegistryBundleUserData: - description: imageRegistryBundleUserData is Image Registry Data provided - by the user - items: - description: ImageRegistryBundle contains information for writing - image registry certificates - properties: - data: - description: data holds the contents of the bundle that will - be written to the file location - format: byte - type: string - file: - description: file holds the name of the file where the bundle - will be written to disk - type: string - required: - - data - - file - type: object - type: array - x-kubernetes-list-type: atomic - images: - additionalProperties: - type: string - description: images is map of images that are used by the controller - to render templates under ./templates/ - type: object - infra: - description: infra holds the infrastructure details - nullable: true - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'metadata is the standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - spec: - description: spec holds user settable values for configuration - properties: - cloudConfig: - description: "cloudConfig is a reference to a ConfigMap containing - the cloud provider configuration file. This configuration - file is used to configure the Kubernetes cloud provider - integration when using the built-in cloud provider integration - or the external cloud controller manager. The namespace - for this config map is openshift-config. \n cloudConfig - should only be consumed by the kube_cloud_config controller. - The controller is responsible for using the user configuration - in the spec for various platforms and combining that with - the user provided ConfigMap in this field to create a stitched - kube cloud config. The controller generates a ConfigMap - `kube-cloud-config` in `openshift-config-managed` namespace - with the kube cloud config is stored in `cloud.conf` key. - All the clients are expected to use the generated ConfigMap - only." - properties: - key: - description: Key allows pointing to a specific key/value - inside of the configmap. This is useful for logical - file references. - type: string - name: - type: string - type: object - platformSpec: - description: platformSpec holds desired information specific - to the underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to - the Alibaba Cloud infrastructure provider. - type: object - aws: - description: AWS contains settings specific to the Amazon - Web Services infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints list contains custom - endpoints which will override default service endpoint - of AWS Services. There must be only one ServiceEndpoint - for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults - of AWS Services. - properties: - name: - description: name is the name of the AWS service. - The list of all the service names can be found - at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure - infrastructure provider. - type: object - baremetal: - description: BareMetal contains settings specific to the - BareMetal platform. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. - When omitted, values from the status.apiServerInternalIPs - will be used. Once set, the list cannot be completely - removed (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most - one IPv4 address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IP addresses, one - from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. - Once set, the list cannot be completely removed - (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. Each - network is provided in the CIDR format and should - be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once - set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - equinixMetal: - description: EquinixMetal contains settings specific to - the Equinix Metal infrastructure provider. - type: object - external: - description: ExternalPlatformType represents generic infrastructure - provider. Platform-specific components should be supplemented - separately. - properties: - platformName: - default: Unknown - description: PlatformName holds the arbitrary string - representing the infrastructure provider name, expected - to be set at the installation time. This field is - solely for informational and reporting purposes - and is not expected to be used for decision-making. - type: string - x-kubernetes-validations: - - message: platform name cannot be changed once set - rule: oldSelf == 'Unknown' || self == oldSelf - type: object - gcp: - description: GCP contains settings specific to the Google - Cloud Platform infrastructure provider. - type: object - ibmcloud: - description: IBMCloud contains settings specific to the - IBMCloud infrastructure provider. - type: object - kubevirt: - description: Kubevirt contains settings specific to the - kubevirt infrastructure provider. - type: object - nutanix: - description: Nutanix contains settings specific to the - Nutanix infrastructure provider. - properties: - failureDomains: - description: failureDomains configures failure domains - information for the Nutanix platform. When set, - the failure domains defined here may be used to - spread Machines across prism element clusters to - improve fault tolerance of the cluster. - items: - description: NutanixFailureDomain configures failure - domain information for the Nutanix platform. - properties: - cluster: - description: cluster is to identify the cluster - (the Prism Element under management of the - Prism Central), in which the Machine's VM - will be created. The cluster identifier (uuid - or name) can be obtained from the Prism Central - console or using the prism_central API. - properties: - name: - description: name is the resource name in - the PC. It cannot be empty if the type - is Name. - type: string - type: - description: type is the identifier type - to use for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource - in the PC. It cannot be empty if the type - is UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when - type is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' - ? has(self.uuid) : !has(self.uuid)' - - message: name configuration is required when - type is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' - ? has(self.name) : !has(self.name)' - name: - description: name defines the unique name of - a failure domain. Name is required and must - be at most 64 characters in length. It must - consist of only lower case alphanumeric characters - and hyphens (-). It must start and end with - an alphanumeric character. This value is arbitrary - and is used to identify the failure domain - within the platform. - maxLength: 64 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - type: string - subnets: - description: subnets holds a list of identifiers - (one or more) of the cluster's network subnets - for the Machine's VM to connect to. The subnet - identifiers (uuid or name) can be obtained - from the Prism Central console or using the - prism_central API. - items: - description: NutanixResourceIdentifier holds - the identity of a Nutanix PC resource (cluster, - image, subnet, etc.) - properties: - name: - description: name is the resource name - in the PC. It cannot be empty if the - type is Name. - type: string - type: - description: type is the identifier type - to use for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource - in the PC. It cannot be empty if the - type is UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required - when type is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' - ? has(self.uuid) : !has(self.uuid)' - - message: name configuration is required - when type is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' - ? has(self.name) : !has(self.name)' - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - required: - - cluster - - name - - subnets - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - prismCentral: - description: prismCentral holds the endpoint address - and port to access the Nutanix Prism Central. When - a cluster-wide proxy is installed, by default, this - endpoint will be accessed via the proxy. Should - you wish for communication with this endpoint not - to be proxied, please add the endpoint to the proxy - spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS - name or IP address) of the Nutanix Prism Central - or Element (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access - the Nutanix Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - prismElements: - description: prismElements holds one or more endpoint - address and port data to access the Nutanix Prism - Elements (clusters) of the Nutanix Prism Central. - Currently we only support one Prism Element (cluster) - for an OpenShift cluster, where all the Nutanix - resources (VMs, subnets, volumes, etc.) used in - the OpenShift cluster are located. In the future, - we may support Nutanix resources (VMs, etc.) spread - over multiple Prism Elements (clusters) of the Prism - Central. - items: - description: NutanixPrismElementEndpoint holds the - name and endpoint data for a Prism Element (cluster) - properties: - endpoint: - description: endpoint holds the endpoint address - and port data of the Prism Element (cluster). - When a cluster-wide proxy is installed, by - default, this endpoint will be accessed via - the proxy. Should you wish for communication - with this endpoint not to be proxied, please - add the endpoint to the proxy spec.noProxy - list. - properties: - address: - description: address is the endpoint address - (DNS name or IP address) of the Nutanix - Prism Central or Element (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to - access the Nutanix Prism Central or Element - (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - name: - description: name is the name of the Prism Element - (cluster). This value will correspond with - the cluster field configured on other resources - (eg Machines, PVCs, etc). - maxLength: 256 - type: string - required: - - endpoint - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - prismCentral - - prismElements - type: object - openstack: - description: OpenStack contains settings specific to the - OpenStack infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. - When omitted, values from the status.apiServerInternalIPs - will be used. Once set, the list cannot be completely - removed (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most - one IPv4 address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IP addresses, one - from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. - Once set, the list cannot be completely removed - (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. Each - network is provided in the CIDR format and should - be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once - set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - ovirt: - description: Ovirt contains settings specific to the oVirt - infrastructure provider. - type: object - powervs: - description: PowerVS contains settings specific to the - IBM Power Systems Virtual Servers infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints is a list of custom - endpoints which will override the default service - endpoints of a Power VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults - of PowerVS Services. - properties: - name: - description: name is the name of the Power VS - service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: - description: type is the underlying infrastructure provider - for the cluster. This value controls whether infrastructure - automation such as service load balancers, dynamic volume - provisioning, machine creation and deletion, and other - integrations are enabled. If None, no infrastructure - automation is enabled. Allowed values are "AWS", "Azure", - "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", - "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", - "Nutanix" and "None". Individual components may not - support all platforms, and must handle unrecognized - platforms as None if they do not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the - VSphere infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. - When omitted, values from the status.apiServerInternalIPs - will be used. Once set, the list cannot be completely - removed (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most - one IPv4 address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - failureDomains: - description: failureDomains contains the definition - of region, zone and the vCenter topology. If this - is omitted failure domains (regions and zones) will - not be used. - items: - description: VSpherePlatformFailureDomainSpec holds - the region and zone failure domain and the vCenter - topology of that failure domain. - properties: - name: - description: name defines the arbitrary but - unique name of a failure domain. - maxLength: 256 - minLength: 1 - type: string - region: - description: region defines the name of a region - tag that will be attached to a vCenter datacenter. - The tag category in vCenter must be named - openshift-region. - maxLength: 80 - minLength: 1 - type: string - server: - description: server is the fully-qualified domain - name or the IP address of the vCenter server. - --- - maxLength: 255 - minLength: 1 - type: string - topology: - description: Topology describes a given failure - domain using vSphere constructs - properties: - computeCluster: - description: computeCluster the absolute - path of the vCenter cluster in which virtual - machine will be located. The absolute - path is of the form //host/. - The maximum length of the path is 2048 - characters. - maxLength: 2048 - pattern: ^/.*?/host/.*? - type: string - datacenter: - description: datacenter is the name of vCenter - datacenter in which virtual machines will - be located. The maximum length of the - datacenter name is 80 characters. - maxLength: 80 - type: string - datastore: - description: datastore is the absolute path - of the datastore in which the virtual - machine is located. The absolute path - is of the form //datastore/ - The maximum length of the path is 2048 - characters. - maxLength: 2048 - pattern: ^/.*?/datastore/.*? - type: string - folder: - description: folder is the absolute path - of the folder where virtual machines are - located. The absolute path is of the form - //vm/. The maximum - length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/vm/.*? - type: string - networks: - description: networks is the list of port - group network names within this failure - domain. Currently, we only support a single - interface per RHCOS virtual machine. The - available networks (port groups) can be - listed using `govc ls 'network/*'` The - single interface should be the absolute - path of the form //network/. - items: - type: string - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - resourcePool: - description: resourcePool is the absolute - path of the resource pool where virtual - machines will be created. The absolute - path is of the form //host//Resources/. - The maximum length of the path is 2048 - characters. - maxLength: 2048 - pattern: ^/.*?/host/.*?/Resources.* - type: string - template: - description: "template is the full inventory - path of the virtual machine or template - that will be cloned when creating new - machines in this failure domain. The maximum - length of the path is 2048 characters. - \n When omitted, the template will be - calculated by the control plane machineset - operator based on the region and zone - defined in VSpherePlatformFailureDomainSpec. - For example, for zone=zonea, region=region1, - and infrastructure name=test, the template - path would be calculated as //vm/test-rhcos-region1-zonea." - maxLength: 2048 - minLength: 1 - pattern: ^/.*?/vm/.*? - type: string - required: - - computeCluster - - datacenter - - datastore - - networks - type: object - zone: - description: zone defines the name of a zone - tag that will be attached to a vCenter cluster. - The tag category in vCenter must be named - openshift-zone. - maxLength: 80 - minLength: 1 - type: string - required: - - name - - region - - server - - topology - - zone - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IP addresses, one - from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. - Once set, the list cannot be completely removed - (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. Each - network is provided in the CIDR format and should - be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeNetworking: - description: nodeNetworking contains the definition - of internal and external network constraints for - assigning the node's networking. If this field is - omitted, networking defaults to the legacy address - selection behavior which is to only support a single - address and return the first one found. - properties: - external: - description: external represents the network configuration - of the node that is externally routable. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's - VM for use in the status.addresses fields. - --- - items: - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network - names that will be used to when searching - for status.addresses fields. Note that if - internal.networkSubnetCIDR and external.networkSubnetCIDR - are not set, then the vNIC associated to - this network must only have a single IP - address assigned to it. The available networks - (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address - on VirtualMachine's network interfaces included - in the fields' CIDRs that will be used in - respective status.addresses fields. --- - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - internal: - description: internal represents the network configuration - of the node that is routable only within the - cluster. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's - VM for use in the status.addresses fields. - --- - items: - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network - names that will be used to when searching - for status.addresses fields. Note that if - internal.networkSubnetCIDR and external.networkSubnetCIDR - are not set, then the vNIC associated to - this network must only have a single IP - address assigned to it. The available networks - (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address - on VirtualMachine's network interfaces included - in the fields' CIDRs that will be used in - respective status.addresses fields. --- - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - type: object - vcenters: - description: vcenters holds the connection details - for services to communicate with vCenter. Currently, - only a single vCenter is supported. --- - items: - description: VSpherePlatformVCenterSpec stores the - vCenter connection fields. This is used by the - vSphere CCM. - properties: - datacenters: - description: The vCenter Datacenters in which - the RHCOS vm guests are located. This field - will be used by the Cloud Controller Manager. - Each datacenter listed here should be used - within a topology. - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - port: - description: port is the TCP port that will - be used to communicate to the vCenter endpoint. - When omitted, this means the user has no opinion - and it is up to the platform to choose a sensible - default, which is subject to change over time. - format: int32 - maximum: 32767 - minimum: 1 - type: integer - server: - description: server is the fully-qualified domain - name or the IP address of the vCenter server. - --- - maxLength: 255 - type: string - required: - - datacenters - - server - type: object - maxItems: 1 - minItems: 0 - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once - set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - type: object - type: object - status: - description: status holds observed values from the cluster. They - may not be overridden. - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme - 'https', address and optionally a port (defaulting to 443). apiServerInternalURL - can be used by components like kubelets, to contact the - Kubernetes API server using the infrastructure provider - rather than Kubernetes networking. - type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme 'https', - address and optionally a port (defaulting to 443). apiServerURL - can be used by components like the web console to tell users - where to find the Kubernetes API. - type: string - controlPlaneTopology: - default: HighlyAvailable - description: controlPlaneTopology expresses the expectations - for operands that normally run on control nodes. The default - is 'HighlyAvailable', which represents the behavior operators - have in a "normal" cluster. The 'SingleReplica' mode will - be used in single-node deployments and the operators should - not configure the operand for highly-available operation - The 'External' mode indicates that the control plane is - hosted externally to the cluster and that its components - are not visible within the cluster. - enum: - - HighlyAvailable - - SingleReplica - - External - type: string - cpuPartitioning: - default: None - description: cpuPartitioning expresses if CPU partitioning - is a currently enabled feature in the cluster. CPU Partitioning - means that this cluster can support partitioning workloads - to specific CPU Sets. Valid values are "None" and "AllNodes". - When omitted, the default value is "None". The default value - of "None" indicates that no nodes will be setup with CPU - partitioning. The "AllNodes" value indicates that all nodes - have been setup with CPU partitioning, and can then be further - configured via the PerformanceProfile API. - enum: - - None - - AllNodes - type: string - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch - the SRV records for discovering etcd servers and clients. - For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery - deprecated: as of 4.7, this field is no longer set or honored. It - will be removed in a future release.' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster - with a human friendly name. Once set it should not be changed. - Must be of max length 27 and must have only alphanumeric - or hyphen characters. - type: string - infrastructureTopology: - default: HighlyAvailable - description: 'infrastructureTopology expresses the expectations - for infrastructure services that do not run on control plane - nodes, usually indicated by a node selector for a `role` - value other than `master`. The default is ''HighlyAvailable'', - which represents the behavior operators have in a "normal" - cluster. The ''SingleReplica'' mode will be used in single-node - deployments and the operators should not configure the operand - for highly-available operation NOTE: External topology mode - is not applicable for this field.' - enum: - - HighlyAvailable - - SingleReplica - type: string - platform: - description: "platform is the underlying infrastructure provider - for the cluster. \n Deprecated: Use platformStatus.type - instead." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - platformStatus: - description: platformStatus holds status information specific - to the underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to - the Alibaba Cloud infrastructure provider. - properties: - region: - description: region specifies the region for Alibaba - Cloud resources created for the cluster. - pattern: ^[0-9A-Za-z-]+$ - type: string - resourceGroupID: - description: resourceGroupID is the ID of the resource - group for the cluster. - pattern: ^(rg-[0-9A-Za-z]+)?$ - type: string - resourceTags: - description: resourceTags is a list of additional - tags to apply to Alibaba Cloud resources created - for the cluster. - items: - description: AlibabaCloudResourceTag is the set - of tags to add to apply to resources. - properties: - key: - description: key is the key of the tag. - maxLength: 128 - minLength: 1 - type: string - value: - description: value is the value of the tag. - maxLength: 128 - minLength: 1 - type: string - required: - - key - - value - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - required: - - region - type: object - aws: - description: AWS contains settings specific to the Amazon - Web Services infrastructure provider. - properties: - region: - description: region holds the default AWS region for - new AWS resources created by the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional - tags to apply to AWS resources created for the cluster. - See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html - for information on tagging AWS resources. AWS supports - a maximum of 50 tags per resource. OpenShift reserves - 25 tags for its use, leaving 25 tags available for - the user. - items: - description: AWSResourceTag is a tag to apply to - AWS resources created for the cluster. - properties: - key: - description: key is the key of the tag - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: value is the value of the tag. - Some AWS service do not support empty values. - Since tags are added to resources in many - services, the length of the tag value must - meet the requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - x-kubernetes-list-type: atomic - serviceEndpoints: - description: ServiceEndpoints list contains custom - endpoints which will override default service endpoint - of AWS Services. There must be only one ServiceEndpoint - for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults - of AWS Services. - properties: - name: - description: name is the name of the AWS service. - The list of all the service names can be found - at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure - infrastructure provider. - properties: - armEndpoint: - description: armEndpoint specifies a URL to use for - resource management in non-soverign clouds such - as Azure Stack. - type: string - cloudName: - description: cloudName is the name of the Azure cloud - environment which can be used to configure the Azure - SDK with the appropriate Azure API endpoints. If - empty, the value is equal to `AzurePublicCloud`. - enum: - - "" - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureStackCloud - type: string - networkResourceGroupName: - description: networkResourceGroupName is the Resource - Group for network resources like the Virtual Network - and Subnets used by the cluster. If empty, the value - is same as ResourceGroupName. - type: string - resourceGroupName: - description: resourceGroupName is the Resource Group - for new Azure resources created for the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional - tags to apply to Azure resources created for the - cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags - for information on tagging Azure resources. Due - to limitations on Automation, Content Delivery Network, - DNS Azure resources, a maximum of 15 tags may be - applied. OpenShift reserves 5 tags for internal - use, allowing 10 tags for user configuration. - items: - description: AzureResourceTag is a tag to apply - to Azure resources created for the cluster. - properties: - key: - description: key is the key part of the tag. - A tag key can have a maximum of 128 characters - and cannot be empty. Key must begin with a - letter, end with a letter, number or underscore, - and must contain only alphanumeric characters - and the following special characters `_ . - -`. - maxLength: 128 - minLength: 1 - pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ - type: string - value: - description: 'value is the value part of the - tag. A tag value can have a maximum of 256 - characters and cannot be empty. Value must - contain only alphanumeric characters and the - following special characters `_ + , - . / - : ; < = > ? @`.' - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 10 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: resourceTags are immutable and may only - be configured during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, - x in self) - type: object - x-kubernetes-validations: - - message: resourceTags may only be configured during - installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - baremetal: - description: BareMetal contains settings specific to the - BareMetal platform. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on BareMetal platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by - the DNS operator, `NodeDNSIP` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for BareMetal deployments. In order to minimize - necessary changes to the datacenter DNS, a DNS service - is hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string - type: object - equinixMetal: - description: EquinixMetal contains settings specific to - the Equinix Metal infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. - type: string - type: object - external: - description: External contains settings specific to the - generic External infrastructure provider. - properties: - cloudControllerManager: - description: cloudControllerManager contains settings - specific to the external Cloud Controller Manager - (a.k.a. CCM or CPI). When omitted, new nodes will - be not tainted and no extra initialization from - the cloud controller manager is expected. - properties: - state: - description: "state determines whether or not - an external Cloud Controller Manager is expected - to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager - \n Valid values are \"External\", \"None\" and - omitted. When set to \"External\", new nodes - will be tainted as uninitialized when created, - preventing them from running workloads until - they are initialized by the cloud controller - manager. When omitted or set to \"None\", new - nodes will be not tainted and no extra initialization - from the cloud controller manager is expected." - enum: - - "" - - External - - None - type: string - x-kubernetes-validations: - - message: state is immutable once set - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: state may not be added or removed once - set - rule: (has(self.state) == has(oldSelf.state)) || - (!has(oldSelf.state) && self.state != "External") - type: object - x-kubernetes-validations: - - message: cloudControllerManager may not be added or - removed once set - rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) - gcp: - description: GCP contains settings specific to the Google - Cloud Platform infrastructure provider. - properties: - projectID: - description: resourceGroupName is the Project ID for - new GCP resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources - created for the cluster. - type: string - type: object - ibmcloud: - description: IBMCloud contains settings specific to the - IBMCloud infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud - Internet Services instance managing the DNS zone - for the cluster's base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS - Services instance managing the DNS zone for the - cluster's base domain - type: string - location: - description: Location is where the cluster has been - deployed - type: string - providerType: - description: ProviderType indicates the type of cluster - that was created - type: string - resourceGroupName: - description: ResourceGroupName is the Resource Group - for new IBMCloud resources created for the cluster. - type: string - serviceEndpoints: - description: serviceEndpoints is a list of custom - endpoints which will override the default service - endpoints of an IBM Cloud service. These endpoints - are consumed by components within the cluster to - reach the respective IBM Cloud Services. - items: - description: IBMCloudServiceEndpoint stores the - configuration of a custom url to override existing - defaults of IBM Cloud Services. - properties: - name: - description: 'name is the name of the IBM Cloud - service. Possible values are: CIS, COS, DNSServices, - GlobalSearch, GlobalTagging, HyperProtect, - IAM, KeyProtect, ResourceController, ResourceManager, - or VPC. For example, the IBM Cloud Private - IAM service could be configured with the service - `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` - Whereas the IBM Cloud Private VPC service - for US South (Dallas) could be configured - with the service `name` of `VPC` and `url` - of `https://us.south.private.iaas.cloud.ibm.com`' - enum: - - CIS - - COS - - DNSServices - - GlobalSearch - - GlobalTagging - - HyperProtect - - IAM - - KeyProtect - - ResourceController - - ResourceManager - - VPC - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - type: string - x-kubernetes-validations: - - message: url must be a valid absolute URL - rule: isURL(self) - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - kubevirt: - description: Kubevirt contains settings specific to the - kubevirt infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. - type: string - type: object - nutanix: - description: Nutanix contains settings specific to the - Nutanix infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on Nutanix platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - type: object - openstack: - description: OpenStack contains settings specific to the - OpenStack infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - cloudName: - description: cloudName is the name of the desired - OpenStack cloud in the client configuration file - (`clouds.yaml`). - type: string - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on OpenStack platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by - the DNS operator, `NodeDNSIP` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for OpenStack deployments. In order to minimize - necessary changes to the datacenter DNS, a DNS service - is hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string - type: object - ovirt: - description: Ovirt contains settings specific to the oVirt - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on Ovirt platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - nodeDNSIP: - description: 'deprecated: as of 4.6, this field is - no longer set or honored. It will be removed in - a future release.' - type: string - type: object - powervs: - description: PowerVS contains settings specific to the - Power Systems Virtual Servers infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud - Internet Services instance managing the DNS zone - for the cluster's base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS - Services instance managing the DNS zone for the - cluster's base domain - type: string - region: - description: region holds the default Power VS region - for new Power VS resources created by the cluster. - type: string - resourceGroup: - description: 'resourceGroup is the resource group - name for new IBMCloud resources created for a cluster. - The resource group specified here will be used by - cluster-image-registry-operator to set up a COS - Instance in IBMCloud for the cluster registry. More - about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. - When omitted, the image registry operator won''t - be able to configure storage, which results in the - image registry cluster operator not being in an - available state.' - maxLength: 40 - pattern: ^[a-zA-Z0-9-_ ]+$ - type: string - x-kubernetes-validations: - - message: resourceGroup is immutable once set - rule: oldSelf == '' || self == oldSelf - serviceEndpoints: - description: serviceEndpoints is a list of custom - endpoints which will override the default service - endpoints of a Power VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults - of PowerVS Services. - properties: - name: - description: name is the name of the Power VS - service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - zone: - description: 'zone holds the default zone for the - new Power VS resources created by the cluster. Note: - Currently only single-zone OCP clusters are supported' - type: string - type: object - x-kubernetes-validations: - - message: cannot unset resourceGroup once set - rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)' - type: - description: "type is the underlying infrastructure provider - for the cluster. This value controls whether infrastructure - automation such as service load balancers, dynamic volume - provisioning, machine creation and deletion, and other - integrations are enabled. If None, no infrastructure - automation is enabled. Allowed values are \"AWS\", \"Azure\", - \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", - \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", - \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual - components may not support all platforms, and must handle - unrecognized platforms as None if they do not support - that platform. \n This value will be synced with to - the `status.platform` and `status.platformStatus.type`. - Currently this value cannot be changed once set." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the - VSphere infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on VSphere platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by - the DNS operator, `NodeDNSIP` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for vSphere deployments. In order to minimize necessary - changes to the datacenter DNS, a DNS service is - hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string - type: object - type: object - type: object - required: - - spec - type: object - x-kubernetes-embedded-resource: true - internalRegistryPullSecret: - description: internalRegistryPullSecret is the pull secret for the - internal registry, used by rpm-ostree to pull images from the internal - registry if present - format: byte - nullable: true - type: string - ipFamilies: - description: ipFamilies indicates the IP families in use by the cluster - network - type: string - kubeAPIServerServingCAData: - description: kubeAPIServerServingCAData managed Kubelet to API Server - Cert... Rotated automatically - format: byte - type: string - network: - description: Network contains additional network related information - nullable: true - properties: - mtuMigration: - description: MTUMigration contains the MTU migration configuration. - nullable: true - properties: - machine: - description: Machine contains MTU migration configuration - for the machine's uplink. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: Network contains MTU migration configuration - for the default network. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - type: object - required: - - mtuMigration - type: object - networkType: - description: 'networkType holds the type of network the cluster is - using XXX: this is temporary and will be dropped as soon as possible - in favor of a better support to start network related services the - proper way. Nobody is also changing this once the cluster is up - and running the first time, so, disallow regeneration if this changes.' - type: string - osImageURL: - description: OSImageURL is the old-format container image that contains - the OS update payload. - type: string - platform: - description: platform is deprecated, use Infra.Status.PlatformStatus.Type - instead - type: string - proxy: - description: proxy holds the current proxy configuration for the nodes - nullable: true - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or - CIDRs for which the proxy should not be used. - type: string - type: object - pullSecret: - description: pullSecret is the default pull secret that needs to be - installed on all machines. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - x-kubernetes-map-type: atomic - releaseImage: - description: releaseImage is the image used when installing the cluster - type: string - rootCAData: - description: rootCAData specifies the root CA data - format: byte - type: string - required: - - additionalTrustBundle - - baseOSContainerImage - - cloudProviderCAData - - cloudProviderConfig - - clusterDNSIP - - dns - - images - - infra - - ipFamilies - - kubeAPIServerServingCAData - - network - - proxy - - releaseImage - - rootCAData - type: object - status: - description: ControllerConfigStatus is the status for ControllerConfig - properties: - conditions: - description: conditions represents the latest available observations - of current state. - items: - description: ControllerConfigStatusCondition contains condition - information for ControllerConfigStatus - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status object. - format: date-time - nullable: true - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. - type: string - reason: - description: reason is the reason for the condition's last transition. Reasons - are PascalCase - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the state of the operator's reconciliation - functionality. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-type: atomic - controllerCertificates: - description: controllerCertificates represents the latest available - observations of the automatically rotating certificates in the MCO. - items: - description: ControllerCertificate contains info about a specific - cert. - properties: - bundleFile: - description: bundleFile is the larger bundle a cert comes from - type: string - notAfter: - description: notAfter is the upper boundary for validity - format: date-time - type: string - notBefore: - description: notBefore is the lower boundary for validity - format: date-time - type: string - signer: - description: signer is the cert Issuer - type: string - subject: - description: subject is the cert subject - type: string - required: - - bundleFile - - signer - - subject - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration represents the generation observed - by the controller. - format: int64 - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index ce289863ac0..00000000000 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_controllerconfig-TechPreviewNoUpgrade.crd.yaml +++ /dev/null @@ -1,2694 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1453 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - labels: - openshift.io/operator-managed: "" - name: controllerconfigs.machineconfiguration.openshift.io -spec: - group: machineconfiguration.openshift.io - names: - kind: ControllerConfig - listKind: ControllerConfigList - plural: controllerconfigs - singular: controllerconfig - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ControllerConfig describes configuration for MachineConfigController. - This is currently only used to drive the MachineConfig objects generated - by the TemplateController. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ControllerConfigSpec is the spec for ControllerConfig resource. - properties: - additionalTrustBundle: - description: additionalTrustBundle is a certificate bundle that will - be added to the nodes trusted certificate store. - format: byte - nullable: true - type: string - baseOSContainerImage: - description: BaseOSContainerImage is the new-format container image - for operating system updates. - type: string - baseOSExtensionsContainerImage: - description: BaseOSExtensionsContainerImage is the matching extensions - container for the new-format container - type: string - cloudProviderCAData: - description: cloudProvider specifies the cloud provider CA data - format: byte - nullable: true - type: string - cloudProviderConfig: - description: cloudProviderConfig is the configuration for the given - cloud provider - type: string - clusterDNSIP: - description: clusterDNSIP is the cluster DNS IP address - type: string - dns: - description: dns holds the cluster dns details - nullable: true - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'metadata is the standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - spec: - description: spec holds user settable values for configuration - properties: - baseDomain: - description: "baseDomain is the base domain of the cluster. - All managed DNS records will be sub-domains of this base. - \n For example, given the base domain `openshift.example.com`, - an API server DNS record may be created for `cluster-api.openshift.example.com`. - \n Once set, this field cannot be changed." - type: string - platform: - description: platform holds configuration specific to the - underlying infrastructure provider for DNS. When omitted, - this means the user has no opinion and the platform is left - to choose reasonable defaults. These defaults are subject - to change over time. - properties: - aws: - description: aws contains DNS configuration specific to - the Amazon Web Services cloud provider. - properties: - privateZoneIAMRole: - description: privateZoneIAMRole contains the ARN of - an IAM role that should be assumed when performing - operations on the cluster's private hosted zone - specified in the cluster DNS config. When left empty, - no role should be assumed. - pattern: ^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role\/.*$ - type: string - type: object - type: - description: "type is the underlying infrastructure provider - for the cluster. Allowed values: \"\", \"AWS\". \n Individual - components may not support all platforms, and must handle - unrecognized platforms with best-effort defaults." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - x-kubernetes-validations: - - message: allowed values are '' and 'AWS' - rule: self in ['','AWS'] - required: - - type - type: object - x-kubernetes-validations: - - message: aws configuration is required when platform is - AWS, and forbidden otherwise - rule: 'has(self.type) && self.type == ''AWS'' ? has(self.aws) - : !has(self.aws)' - privateZone: - description: "privateZone is the location where all the DNS - records that are only available internally to the cluster - exist. \n If this field is nil, no private records should - be created. \n Once set, this field cannot be changed." - properties: - id: - description: "id is the identifier that can be used to - find the DNS hosted zone. \n on AWS zone can be fetched - using `ID` as id in [1] on Azure zone can be fetched - using `ID` as a pre-determined name in [2], on GCP zone - can be fetched using `ID` as a pre-determined name in - [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: - type: string - description: "tags can be used to query the DNS hosted - zone. \n on AWS, resourcegroupstaggingapi [1] can be - used to fetch a zone using `Tags` as tag-filters, \n - [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - publicZone: - description: "publicZone is the location where all the DNS - records that are publicly accessible to the internet exist. - \n If this field is nil, no public records should be created. - \n Once set, this field cannot be changed." - properties: - id: - description: "id is the identifier that can be used to - find the DNS hosted zone. \n on AWS zone can be fetched - using `ID` as id in [1] on Azure zone can be fetched - using `ID` as a pre-determined name in [2], on GCP zone - can be fetched using `ID` as a pre-determined name in - [3]. \n [1]: https://docs.aws.amazon.com/cli/latest/reference/route53/get-hosted-zone.html#options - [2]: https://docs.microsoft.com/en-us/cli/azure/network/dns/zone?view=azure-cli-latest#az-network-dns-zone-show - [3]: https://cloud.google.com/dns/docs/reference/v1/managedZones/get" - type: string - tags: - additionalProperties: - type: string - description: "tags can be used to query the DNS hosted - zone. \n on AWS, resourcegroupstaggingapi [1] can be - used to fetch a zone using `Tags` as tag-filters, \n - [1]: https://docs.aws.amazon.com/cli/latest/reference/resourcegroupstaggingapi/get-resources.html#options" - type: object - type: object - type: object - status: - description: status holds observed values from the cluster. They - may not be overridden. - type: object - required: - - spec - type: object - x-kubernetes-embedded-resource: true - etcdDiscoveryDomain: - description: etcdDiscoveryDomain is deprecated, use Infra.Status.EtcdDiscoveryDomain - instead - type: string - imageRegistryBundleData: - description: imageRegistryBundleData is the ImageRegistryData - items: - description: ImageRegistryBundle contains information for writing - image registry certificates - properties: - data: - description: data holds the contents of the bundle that will - be written to the file location - format: byte - type: string - file: - description: file holds the name of the file where the bundle - will be written to disk - type: string - required: - - data - - file - type: object - type: array - x-kubernetes-list-type: atomic - imageRegistryBundleUserData: - description: imageRegistryBundleUserData is Image Registry Data provided - by the user - items: - description: ImageRegistryBundle contains information for writing - image registry certificates - properties: - data: - description: data holds the contents of the bundle that will - be written to the file location - format: byte - type: string - file: - description: file holds the name of the file where the bundle - will be written to disk - type: string - required: - - data - - file - type: object - type: array - x-kubernetes-list-type: atomic - images: - additionalProperties: - type: string - description: images is map of images that are used by the controller - to render templates under ./templates/ - type: object - infra: - description: infra holds the infrastructure details - nullable: true - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - description: 'metadata is the standard object''s metadata. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' - type: object - spec: - description: spec holds user settable values for configuration - properties: - cloudConfig: - description: "cloudConfig is a reference to a ConfigMap containing - the cloud provider configuration file. This configuration - file is used to configure the Kubernetes cloud provider - integration when using the built-in cloud provider integration - or the external cloud controller manager. The namespace - for this config map is openshift-config. \n cloudConfig - should only be consumed by the kube_cloud_config controller. - The controller is responsible for using the user configuration - in the spec for various platforms and combining that with - the user provided ConfigMap in this field to create a stitched - kube cloud config. The controller generates a ConfigMap - `kube-cloud-config` in `openshift-config-managed` namespace - with the kube cloud config is stored in `cloud.conf` key. - All the clients are expected to use the generated ConfigMap - only." - properties: - key: - description: Key allows pointing to a specific key/value - inside of the configmap. This is useful for logical - file references. - type: string - name: - type: string - type: object - platformSpec: - description: platformSpec holds desired information specific - to the underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to - the Alibaba Cloud infrastructure provider. - type: object - aws: - description: AWS contains settings specific to the Amazon - Web Services infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints list contains custom - endpoints which will override default service endpoint - of AWS Services. There must be only one ServiceEndpoint - for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults - of AWS Services. - properties: - name: - description: name is the name of the AWS service. - The list of all the service names can be found - at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure - infrastructure provider. - type: object - baremetal: - description: BareMetal contains settings specific to the - BareMetal platform. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. - When omitted, values from the status.apiServerInternalIPs - will be used. Once set, the list cannot be completely - removed (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most - one IPv4 address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IP addresses, one - from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. - Once set, the list cannot be completely removed - (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. Each - network is provided in the CIDR format and should - be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once - set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - equinixMetal: - description: EquinixMetal contains settings specific to - the Equinix Metal infrastructure provider. - type: object - external: - description: ExternalPlatformType represents generic infrastructure - provider. Platform-specific components should be supplemented - separately. - properties: - platformName: - default: Unknown - description: PlatformName holds the arbitrary string - representing the infrastructure provider name, expected - to be set at the installation time. This field is - solely for informational and reporting purposes - and is not expected to be used for decision-making. - type: string - x-kubernetes-validations: - - message: platform name cannot be changed once set - rule: oldSelf == 'Unknown' || self == oldSelf - type: object - gcp: - description: GCP contains settings specific to the Google - Cloud Platform infrastructure provider. - type: object - ibmcloud: - description: IBMCloud contains settings specific to the - IBMCloud infrastructure provider. - type: object - kubevirt: - description: Kubevirt contains settings specific to the - kubevirt infrastructure provider. - type: object - nutanix: - description: Nutanix contains settings specific to the - Nutanix infrastructure provider. - properties: - failureDomains: - description: failureDomains configures failure domains - information for the Nutanix platform. When set, - the failure domains defined here may be used to - spread Machines across prism element clusters to - improve fault tolerance of the cluster. - items: - description: NutanixFailureDomain configures failure - domain information for the Nutanix platform. - properties: - cluster: - description: cluster is to identify the cluster - (the Prism Element under management of the - Prism Central), in which the Machine's VM - will be created. The cluster identifier (uuid - or name) can be obtained from the Prism Central - console or using the prism_central API. - properties: - name: - description: name is the resource name in - the PC. It cannot be empty if the type - is Name. - type: string - type: - description: type is the identifier type - to use for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource - in the PC. It cannot be empty if the type - is UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required when - type is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' - ? has(self.uuid) : !has(self.uuid)' - - message: name configuration is required when - type is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' - ? has(self.name) : !has(self.name)' - name: - description: name defines the unique name of - a failure domain. Name is required and must - be at most 64 characters in length. It must - consist of only lower case alphanumeric characters - and hyphens (-). It must start and end with - an alphanumeric character. This value is arbitrary - and is used to identify the failure domain - within the platform. - maxLength: 64 - minLength: 1 - pattern: '[a-z0-9]([-a-z0-9]*[a-z0-9])?' - type: string - subnets: - description: subnets holds a list of identifiers - (one or more) of the cluster's network subnets - for the Machine's VM to connect to. The subnet - identifiers (uuid or name) can be obtained - from the Prism Central console or using the - prism_central API. - items: - description: NutanixResourceIdentifier holds - the identity of a Nutanix PC resource (cluster, - image, subnet, etc.) - properties: - name: - description: name is the resource name - in the PC. It cannot be empty if the - type is Name. - type: string - type: - description: type is the identifier type - to use for this resource. - enum: - - UUID - - Name - type: string - uuid: - description: uuid is the UUID of the resource - in the PC. It cannot be empty if the - type is UUID. - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: uuid configuration is required - when type is UUID, and forbidden otherwise - rule: 'has(self.type) && self.type == ''UUID'' - ? has(self.uuid) : !has(self.uuid)' - - message: name configuration is required - when type is Name, and forbidden otherwise - rule: 'has(self.type) && self.type == ''Name'' - ? has(self.name) : !has(self.name)' - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - required: - - cluster - - name - - subnets - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - prismCentral: - description: prismCentral holds the endpoint address - and port to access the Nutanix Prism Central. When - a cluster-wide proxy is installed, by default, this - endpoint will be accessed via the proxy. Should - you wish for communication with this endpoint not - to be proxied, please add the endpoint to the proxy - spec.noProxy list. - properties: - address: - description: address is the endpoint address (DNS - name or IP address) of the Nutanix Prism Central - or Element (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to access - the Nutanix Prism Central or Element (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - prismElements: - description: prismElements holds one or more endpoint - address and port data to access the Nutanix Prism - Elements (clusters) of the Nutanix Prism Central. - Currently we only support one Prism Element (cluster) - for an OpenShift cluster, where all the Nutanix - resources (VMs, subnets, volumes, etc.) used in - the OpenShift cluster are located. In the future, - we may support Nutanix resources (VMs, etc.) spread - over multiple Prism Elements (clusters) of the Prism - Central. - items: - description: NutanixPrismElementEndpoint holds the - name and endpoint data for a Prism Element (cluster) - properties: - endpoint: - description: endpoint holds the endpoint address - and port data of the Prism Element (cluster). - When a cluster-wide proxy is installed, by - default, this endpoint will be accessed via - the proxy. Should you wish for communication - with this endpoint not to be proxied, please - add the endpoint to the proxy spec.noProxy - list. - properties: - address: - description: address is the endpoint address - (DNS name or IP address) of the Nutanix - Prism Central or Element (cluster) - maxLength: 256 - type: string - port: - description: port is the port number to - access the Nutanix Prism Central or Element - (cluster) - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - name: - description: name is the name of the Prism Element - (cluster). This value will correspond with - the cluster field configured on other resources - (eg Machines, PVCs, etc). - maxLength: 256 - type: string - required: - - endpoint - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - required: - - prismCentral - - prismElements - type: object - openstack: - description: OpenStack contains settings specific to the - OpenStack infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. - When omitted, values from the status.apiServerInternalIPs - will be used. Once set, the list cannot be completely - removed (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most - one IPv4 address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IP addresses, one - from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. - Once set, the list cannot be completely removed - (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. Each - network is provided in the CIDR format and should - be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once - set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - ovirt: - description: Ovirt contains settings specific to the oVirt - infrastructure provider. - type: object - powervs: - description: PowerVS contains settings specific to the - IBM Power Systems Virtual Servers infrastructure provider. - properties: - serviceEndpoints: - description: serviceEndpoints is a list of custom - endpoints which will override the default service - endpoints of a Power VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults - of PowerVS Services. - properties: - name: - description: name is the name of the Power VS - service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - type: - description: type is the underlying infrastructure provider - for the cluster. This value controls whether infrastructure - automation such as service load balancers, dynamic volume - provisioning, machine creation and deletion, and other - integrations are enabled. If None, no infrastructure - automation is enabled. Allowed values are "AWS", "Azure", - "BareMetal", "GCP", "Libvirt", "OpenStack", "VSphere", - "oVirt", "KubeVirt", "EquinixMetal", "PowerVS", "AlibabaCloud", - "Nutanix" and "None". Individual components may not - support all platforms, and must handle unrecognized - platforms as None if they do not support that platform. - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the - VSphere infrastructure provider. - properties: - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IP addresses, - one from IPv4 family and one from IPv6. In single - stack clusters a single IP address is expected. - When omitted, values from the status.apiServerInternalIPs - will be used. Once set, the list cannot be completely - removed (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: apiServerInternalIPs must contain at most - one IPv4 address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - failureDomains: - description: failureDomains contains the definition - of region, zone and the vCenter topology. If this - is omitted failure domains (regions and zones) will - not be used. - items: - description: VSpherePlatformFailureDomainSpec holds - the region and zone failure domain and the vCenter - topology of that failure domain. - properties: - name: - description: name defines the arbitrary but - unique name of a failure domain. - maxLength: 256 - minLength: 1 - type: string - region: - description: region defines the name of a region - tag that will be attached to a vCenter datacenter. - The tag category in vCenter must be named - openshift-region. - maxLength: 80 - minLength: 1 - type: string - server: - description: server is the fully-qualified domain - name or the IP address of the vCenter server. - --- - maxLength: 255 - minLength: 1 - type: string - topology: - description: Topology describes a given failure - domain using vSphere constructs - properties: - computeCluster: - description: computeCluster the absolute - path of the vCenter cluster in which virtual - machine will be located. The absolute - path is of the form //host/. - The maximum length of the path is 2048 - characters. - maxLength: 2048 - pattern: ^/.*?/host/.*? - type: string - datacenter: - description: datacenter is the name of vCenter - datacenter in which virtual machines will - be located. The maximum length of the - datacenter name is 80 characters. - maxLength: 80 - type: string - datastore: - description: datastore is the absolute path - of the datastore in which the virtual - machine is located. The absolute path - is of the form //datastore/ - The maximum length of the path is 2048 - characters. - maxLength: 2048 - pattern: ^/.*?/datastore/.*? - type: string - folder: - description: folder is the absolute path - of the folder where virtual machines are - located. The absolute path is of the form - //vm/. The maximum - length of the path is 2048 characters. - maxLength: 2048 - pattern: ^/.*?/vm/.*? - type: string - networks: - description: networks is the list of port - group network names within this failure - domain. Currently, we only support a single - interface per RHCOS virtual machine. The - available networks (port groups) can be - listed using `govc ls 'network/*'` The - single interface should be the absolute - path of the form //network/. - items: - type: string - maxItems: 1 - minItems: 1 - type: array - x-kubernetes-list-type: atomic - resourcePool: - description: resourcePool is the absolute - path of the resource pool where virtual - machines will be created. The absolute - path is of the form //host//Resources/. - The maximum length of the path is 2048 - characters. - maxLength: 2048 - pattern: ^/.*?/host/.*?/Resources.* - type: string - template: - description: "template is the full inventory - path of the virtual machine or template - that will be cloned when creating new - machines in this failure domain. The maximum - length of the path is 2048 characters. - \n When omitted, the template will be - calculated by the control plane machineset - operator based on the region and zone - defined in VSpherePlatformFailureDomainSpec. - For example, for zone=zonea, region=region1, - and infrastructure name=test, the template - path would be calculated as //vm/test-rhcos-region1-zonea." - maxLength: 2048 - minLength: 1 - pattern: ^/.*?/vm/.*? - type: string - required: - - computeCluster - - datacenter - - datastore - - networks - type: object - zone: - description: zone defines the name of a zone - tag that will be attached to a vCenter cluster. - The tag category in vCenter must be named - openshift-zone. - maxLength: 80 - minLength: 1 - type: string - required: - - name - - region - - server - - topology - - zone - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IP addresses, one - from IPv4 family and one from IPv6. In single stack - clusters a single IP address is expected. When omitted, - values from the status.ingressIPs will be used. - Once set, the list cannot be completely removed - (but its second entry can). - items: - description: IP is an IP address (for example, "10.0.0.0" - or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - x-kubernetes-validations: - - message: ingressIPs must contain at most one IPv4 - address and at most one IPv6 address - rule: 'size(self) == 2 ? self.exists_one(x, x.contains('':'')) - : true' - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. Each - network is provided in the CIDR format and should - be IPv4 or IPv6, for example "10.0.0.0/8" or "fd00::/8". - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeNetworking: - description: nodeNetworking contains the definition - of internal and external network constraints for - assigning the node's networking. If this field is - omitted, networking defaults to the legacy address - selection behavior which is to only support a single - address and return the first one found. - properties: - external: - description: external represents the network configuration - of the node that is externally routable. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's - VM for use in the status.addresses fields. - --- - items: - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network - names that will be used to when searching - for status.addresses fields. Note that if - internal.networkSubnetCIDR and external.networkSubnetCIDR - are not set, then the vNIC associated to - this network must only have a single IP - address assigned to it. The available networks - (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address - on VirtualMachine's network interfaces included - in the fields' CIDRs that will be used in - respective status.addresses fields. --- - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - internal: - description: internal represents the network configuration - of the node that is routable only within the - cluster. - properties: - excludeNetworkSubnetCidr: - description: excludeNetworkSubnetCidr IP addresses - in subnet ranges will be excluded when selecting - the IP address from the VirtualMachine's - VM for use in the status.addresses fields. - --- - items: - type: string - type: array - x-kubernetes-list-type: atomic - network: - description: network VirtualMachine's VM Network - names that will be used to when searching - for status.addresses fields. Note that if - internal.networkSubnetCIDR and external.networkSubnetCIDR - are not set, then the vNIC associated to - this network must only have a single IP - address assigned to it. The available networks - (port groups) can be listed using `govc - ls 'network/*'` - type: string - networkSubnetCidr: - description: networkSubnetCidr IP address - on VirtualMachine's network interfaces included - in the fields' CIDRs that will be used in - respective status.addresses fields. --- - items: - type: string - type: array - x-kubernetes-list-type: set - type: object - type: object - vcenters: - description: vcenters holds the connection details - for services to communicate with vCenter. Currently, - only a single vCenter is supported. --- - items: - description: VSpherePlatformVCenterSpec stores the - vCenter connection fields. This is used by the - vSphere CCM. - properties: - datacenters: - description: The vCenter Datacenters in which - the RHCOS vm guests are located. This field - will be used by the Cloud Controller Manager. - Each datacenter listed here should be used - within a topology. - items: - type: string - minItems: 1 - type: array - x-kubernetes-list-type: set - port: - description: port is the TCP port that will - be used to communicate to the vCenter endpoint. - When omitted, this means the user has no opinion - and it is up to the platform to choose a sensible - default, which is subject to change over time. - format: int32 - maximum: 32767 - minimum: 1 - type: integer - server: - description: server is the fully-qualified domain - name or the IP address of the vCenter server. - --- - maxLength: 255 - type: string - required: - - datacenters - - server - type: object - maxItems: 1 - minItems: 0 - type: array - x-kubernetes-list-type: atomic - type: object - x-kubernetes-validations: - - message: apiServerInternalIPs list is required once - set - rule: '!has(oldSelf.apiServerInternalIPs) || has(self.apiServerInternalIPs)' - - message: ingressIPs list is required once set - rule: '!has(oldSelf.ingressIPs) || has(self.ingressIPs)' - type: object - type: object - status: - description: status holds observed values from the cluster. They - may not be overridden. - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme - 'https', address and optionally a port (defaulting to 443). apiServerInternalURL - can be used by components like kubelets, to contact the - Kubernetes API server using the infrastructure provider - rather than Kubernetes networking. - type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme 'https', - address and optionally a port (defaulting to 443). apiServerURL - can be used by components like the web console to tell users - where to find the Kubernetes API. - type: string - controlPlaneTopology: - default: HighlyAvailable - description: controlPlaneTopology expresses the expectations - for operands that normally run on control nodes. The default - is 'HighlyAvailable', which represents the behavior operators - have in a "normal" cluster. The 'SingleReplica' mode will - be used in single-node deployments and the operators should - not configure the operand for highly-available operation - The 'External' mode indicates that the control plane is - hosted externally to the cluster and that its components - are not visible within the cluster. - enum: - - HighlyAvailable - - SingleReplica - - External - type: string - cpuPartitioning: - default: None - description: cpuPartitioning expresses if CPU partitioning - is a currently enabled feature in the cluster. CPU Partitioning - means that this cluster can support partitioning workloads - to specific CPU Sets. Valid values are "None" and "AllNodes". - When omitted, the default value is "None". The default value - of "None" indicates that no nodes will be setup with CPU - partitioning. The "AllNodes" value indicates that all nodes - have been setup with CPU partitioning, and can then be further - configured via the PerformanceProfile API. - enum: - - None - - AllNodes - type: string - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch - the SRV records for discovering etcd servers and clients. - For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery - deprecated: as of 4.7, this field is no longer set or honored. It - will be removed in a future release.' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster - with a human friendly name. Once set it should not be changed. - Must be of max length 27 and must have only alphanumeric - or hyphen characters. - type: string - infrastructureTopology: - default: HighlyAvailable - description: 'infrastructureTopology expresses the expectations - for infrastructure services that do not run on control plane - nodes, usually indicated by a node selector for a `role` - value other than `master`. The default is ''HighlyAvailable'', - which represents the behavior operators have in a "normal" - cluster. The ''SingleReplica'' mode will be used in single-node - deployments and the operators should not configure the operand - for highly-available operation NOTE: External topology mode - is not applicable for this field.' - enum: - - HighlyAvailable - - SingleReplica - type: string - platform: - description: "platform is the underlying infrastructure provider - for the cluster. \n Deprecated: Use platformStatus.type - instead." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - platformStatus: - description: platformStatus holds status information specific - to the underlying infrastructure provider. - properties: - alibabaCloud: - description: AlibabaCloud contains settings specific to - the Alibaba Cloud infrastructure provider. - properties: - region: - description: region specifies the region for Alibaba - Cloud resources created for the cluster. - pattern: ^[0-9A-Za-z-]+$ - type: string - resourceGroupID: - description: resourceGroupID is the ID of the resource - group for the cluster. - pattern: ^(rg-[0-9A-Za-z]+)?$ - type: string - resourceTags: - description: resourceTags is a list of additional - tags to apply to Alibaba Cloud resources created - for the cluster. - items: - description: AlibabaCloudResourceTag is the set - of tags to add to apply to resources. - properties: - key: - description: key is the key of the tag. - maxLength: 128 - minLength: 1 - type: string - value: - description: value is the value of the tag. - maxLength: 128 - minLength: 1 - type: string - required: - - key - - value - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - required: - - region - type: object - aws: - description: AWS contains settings specific to the Amazon - Web Services infrastructure provider. - properties: - region: - description: region holds the default AWS region for - new AWS resources created by the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional - tags to apply to AWS resources created for the cluster. - See https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html - for information on tagging AWS resources. AWS supports - a maximum of 50 tags per resource. OpenShift reserves - 25 tags for its use, leaving 25 tags available for - the user. - items: - description: AWSResourceTag is a tag to apply to - AWS resources created for the cluster. - properties: - key: - description: key is the key of the tag - maxLength: 128 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - value: - description: value is the value of the tag. - Some AWS service do not support empty values. - Since tags are added to resources in many - services, the length of the tag value must - meet the requirements of all services. - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.:/=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 25 - type: array - x-kubernetes-list-type: atomic - serviceEndpoints: - description: ServiceEndpoints list contains custom - endpoints which will override default service endpoint - of AWS Services. There must be only one ServiceEndpoint - for a service. - items: - description: AWSServiceEndpoint store the configuration - of a custom url to override existing defaults - of AWS Services. - properties: - name: - description: name is the name of the AWS service. - The list of all the service names can be found - at https://docs.aws.amazon.com/general/latest/gr/aws-service-information.html - This must be provided and cannot be empty. - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - pattern: ^https:// - type: string - type: object - type: array - x-kubernetes-list-type: atomic - type: object - azure: - description: Azure contains settings specific to the Azure - infrastructure provider. - properties: - armEndpoint: - description: armEndpoint specifies a URL to use for - resource management in non-soverign clouds such - as Azure Stack. - type: string - cloudName: - description: cloudName is the name of the Azure cloud - environment which can be used to configure the Azure - SDK with the appropriate Azure API endpoints. If - empty, the value is equal to `AzurePublicCloud`. - enum: - - "" - - AzurePublicCloud - - AzureUSGovernmentCloud - - AzureChinaCloud - - AzureGermanCloud - - AzureStackCloud - type: string - networkResourceGroupName: - description: networkResourceGroupName is the Resource - Group for network resources like the Virtual Network - and Subnets used by the cluster. If empty, the value - is same as ResourceGroupName. - type: string - resourceGroupName: - description: resourceGroupName is the Resource Group - for new Azure resources created for the cluster. - type: string - resourceTags: - description: resourceTags is a list of additional - tags to apply to Azure resources created for the - cluster. See https://docs.microsoft.com/en-us/rest/api/resources/tags - for information on tagging Azure resources. Due - to limitations on Automation, Content Delivery Network, - DNS Azure resources, a maximum of 15 tags may be - applied. OpenShift reserves 5 tags for internal - use, allowing 10 tags for user configuration. - items: - description: AzureResourceTag is a tag to apply - to Azure resources created for the cluster. - properties: - key: - description: key is the key part of the tag. - A tag key can have a maximum of 128 characters - and cannot be empty. Key must begin with a - letter, end with a letter, number or underscore, - and must contain only alphanumeric characters - and the following special characters `_ . - -`. - maxLength: 128 - minLength: 1 - pattern: ^[a-zA-Z]([0-9A-Za-z_.-]*[0-9A-Za-z_])?$ - type: string - value: - description: 'value is the value part of the - tag. A tag value can have a maximum of 256 - characters and cannot be empty. Value must - contain only alphanumeric characters and the - following special characters `_ + , - . / - : ; < = > ? @`.' - maxLength: 256 - minLength: 1 - pattern: ^[0-9A-Za-z_.=+-@]+$ - type: string - required: - - key - - value - type: object - maxItems: 10 - type: array - x-kubernetes-list-type: atomic - x-kubernetes-validations: - - message: resourceTags are immutable and may only - be configured during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, - x in self) - type: object - x-kubernetes-validations: - - message: resourceTags may only be configured during - installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - baremetal: - description: BareMetal contains settings specific to the - BareMetal platform. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on BareMetal platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by - the DNS operator, `NodeDNSIP` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for BareMetal deployments. In order to minimize - necessary changes to the datacenter DNS, a DNS service - is hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string - type: object - equinixMetal: - description: EquinixMetal contains settings specific to - the Equinix Metal infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. - type: string - type: object - external: - description: External contains settings specific to the - generic External infrastructure provider. - properties: - cloudControllerManager: - description: cloudControllerManager contains settings - specific to the external Cloud Controller Manager - (a.k.a. CCM or CPI). When omitted, new nodes will - be not tainted and no extra initialization from - the cloud controller manager is expected. - properties: - state: - description: "state determines whether or not - an external Cloud Controller Manager is expected - to be installed within the cluster. https://kubernetes.io/docs/tasks/administer-cluster/running-cloud-controller/#running-cloud-controller-manager - \n Valid values are \"External\", \"None\" and - omitted. When set to \"External\", new nodes - will be tainted as uninitialized when created, - preventing them from running workloads until - they are initialized by the cloud controller - manager. When omitted or set to \"None\", new - nodes will be not tainted and no extra initialization - from the cloud controller manager is expected." - enum: - - "" - - External - - None - type: string - x-kubernetes-validations: - - message: state is immutable once set - rule: self == oldSelf - type: object - x-kubernetes-validations: - - message: state may not be added or removed once - set - rule: (has(self.state) == has(oldSelf.state)) || - (!has(oldSelf.state) && self.state != "External") - type: object - x-kubernetes-validations: - - message: cloudControllerManager may not be added or - removed once set - rule: has(self.cloudControllerManager) == has(oldSelf.cloudControllerManager) - gcp: - description: GCP contains settings specific to the Google - Cloud Platform infrastructure provider. - properties: - cloudLoadBalancerConfig: - default: - dnsType: PlatformDefault - description: cloudLoadBalancerConfig is a union that - contains the IP addresses of API, API-Int and Ingress - Load Balancers created on the cloud platform. These - values would not be populated on on-prem platforms. - These Load Balancer IPs are used to configure the - in-cluster DNS instances for API, API-Int and Ingress - services. `dnsType` is expected to be set to `ClusterHosted` - when these Load Balancer IP addresses are populated - and used. - nullable: true - properties: - clusterHosted: - description: clusterHosted holds the IP addresses - of API, API-Int and Ingress Load Balancers on - Cloud Platforms. The DNS solution hosted within - the cluster use these IP addresses to provide - resolution for API, API-Int and Ingress services. - properties: - apiIntLoadBalancerIPs: - description: apiIntLoadBalancerIPs holds Load - Balancer IPs for the internal API service. - These Load Balancer IP addresses can be - IPv4 and/or IPv6 addresses. Entries in the - apiIntLoadBalancerIPs must be unique. A - maximum of 16 IP addresses are permitted. - format: ip - items: - description: IP is an IP address (for example, - "10.0.0.0" or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - apiLoadBalancerIPs: - description: apiLoadBalancerIPs holds Load - Balancer IPs for the API service. These - Load Balancer IP addresses can be IPv4 and/or - IPv6 addresses. Could be empty for private - clusters. Entries in the apiLoadBalancerIPs - must be unique. A maximum of 16 IP addresses - are permitted. - format: ip - items: - description: IP is an IP address (for example, - "10.0.0.0" or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - ingressLoadBalancerIPs: - description: ingressLoadBalancerIPs holds - IPs for Ingress Load Balancers. These Load - Balancer IP addresses can be IPv4 and/or - IPv6 addresses. Entries in the ingressLoadBalancerIPs - must be unique. A maximum of 16 IP addresses - are permitted. - format: ip - items: - description: IP is an IP address (for example, - "10.0.0.0" or "fd00::"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*) - type: string - maxItems: 16 - type: array - x-kubernetes-list-type: set - type: object - dnsType: - default: PlatformDefault - description: dnsType indicates the type of DNS - solution in use within the cluster. Its default - value of `PlatformDefault` indicates that the - cluster's DNS is the default provided by the - cloud platform. It can be set to `ClusterHosted` - to bypass the configuration of the cloud default - DNS. In this mode, the cluster needs to provide - a self-hosted DNS solution for the cluster's - installation to succeed. The cluster's use of - the cloud's Load Balancers is unaffected by - this setting. The value is immutable after it - has been set at install time. Currently, there - is no way for the customer to add additional - DNS entries into the cluster hosted DNS. Enabling - this functionality allows the user to start - their own DNS solution outside the cluster after - installation is complete. The customer would - be responsible for configuring this custom DNS - solution, and it can be run in addition to the - in-cluster DNS solution. - enum: - - ClusterHosted - - PlatformDefault - type: string - x-kubernetes-validations: - - message: dnsType is immutable - rule: oldSelf == '' || self == oldSelf - type: object - x-kubernetes-validations: - - message: clusterHosted is permitted only when dnsType - is ClusterHosted - rule: 'has(self.dnsType) && self.dnsType != ''ClusterHosted'' - ? !has(self.clusterHosted) : true' - projectID: - description: resourceGroupName is the Project ID for - new GCP resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources - created for the cluster. - type: string - resourceLabels: - description: resourceLabels is a list of additional - labels to apply to GCP resources created for the - cluster. See https://cloud.google.com/compute/docs/labeling-resources - for information on labeling GCP resources. GCP supports - a maximum of 64 labels per resource. OpenShift reserves - 32 labels for internal use, allowing 32 labels for - user configuration. - items: - description: GCPResourceLabel is a label to apply - to GCP resources created for the cluster. - properties: - key: - description: key is the key part of the label. - A label key can have a maximum of 63 characters - and cannot be empty. Label key must begin - with a lowercase letter, and must contain - only lowercase letters, numeric characters, - and the following special characters `_-`. - Label key must not have the reserved prefixes - `kubernetes-io` and `openshift-io`. - maxLength: 63 - minLength: 1 - pattern: ^[a-z][0-9a-z_-]{0,62}$ - type: string - x-kubernetes-validations: - - message: label keys must not start with either - `openshift-io` or `kubernetes-io` - rule: '!self.startsWith(''openshift-io'') - && !self.startsWith(''kubernetes-io'')' - value: - description: value is the value part of the - label. A label value can have a maximum of - 63 characters and cannot be empty. Value must - contain only lowercase letters, numeric characters, - and the following special characters `_-`. - maxLength: 63 - minLength: 1 - pattern: ^[0-9a-z_-]{1,63}$ - type: string - required: - - key - - value - type: object - maxItems: 32 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: resourceLabels are immutable and may only - be configured during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, - x in self) - resourceTags: - description: resourceTags is a list of additional - tags to apply to GCP resources created for the cluster. - See https://cloud.google.com/resource-manager/docs/tags/tags-overview - for information on tagging GCP resources. GCP supports - a maximum of 50 tags per resource. - items: - description: GCPResourceTag is a tag to apply to - GCP resources created for the cluster. - properties: - key: - description: key is the key part of the tag. - A tag key can have a maximum of 63 characters - and cannot be empty. Tag key must begin and - end with an alphanumeric character, and must - contain only uppercase, lowercase alphanumeric - characters, and the following special characters - `._-`. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.-]{0,61}[a-zA-Z0-9])?$ - type: string - parentID: - description: 'parentID is the ID of the hierarchical - resource where the tags are defined, e.g. - at the Organization or the Project level. - To find the Organization or Project ID refer - to the following pages: https://cloud.google.com/resource-manager/docs/creating-managing-organization#retrieving_your_organization_id, - https://cloud.google.com/resource-manager/docs/creating-managing-projects#identifying_projects. - An OrganizationID must consist of decimal - numbers, and cannot have leading zeroes. A - ProjectID must be 6 to 30 characters in length, - can only contain lowercase letters, numbers, - and hyphens, and must start with a letter, - and cannot end with a hyphen.' - maxLength: 32 - minLength: 1 - pattern: (^[1-9][0-9]{0,31}$)|(^[a-z][a-z0-9-]{4,28}[a-z0-9]$) - type: string - value: - description: value is the value part of the - tag. A tag value can have a maximum of 63 - characters and cannot be empty. Tag value - must begin and end with an alphanumeric character, - and must contain only uppercase, lowercase - alphanumeric characters, and the following - special characters `_-.@%=+:,*#&(){}[]` and - spaces. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9]([0-9A-Za-z_.@%=+:,*#&()\[\]{}\-\s]{0,61}[a-zA-Z0-9])?$ - type: string - required: - - key - - parentID - - value - type: object - maxItems: 50 - type: array - x-kubernetes-list-map-keys: - - key - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: resourceTags are immutable and may only - be configured during installation - rule: self.all(x, x in oldSelf) && oldSelf.all(x, - x in self) - type: object - x-kubernetes-validations: - - message: resourceLabels may only be configured during - installation - rule: '!has(oldSelf.resourceLabels) && !has(self.resourceLabels) - || has(oldSelf.resourceLabels) && has(self.resourceLabels)' - - message: resourceTags may only be configured during - installation - rule: '!has(oldSelf.resourceTags) && !has(self.resourceTags) - || has(oldSelf.resourceTags) && has(self.resourceTags)' - ibmcloud: - description: IBMCloud contains settings specific to the - IBMCloud infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud - Internet Services instance managing the DNS zone - for the cluster's base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS - Services instance managing the DNS zone for the - cluster's base domain - type: string - location: - description: Location is where the cluster has been - deployed - type: string - providerType: - description: ProviderType indicates the type of cluster - that was created - type: string - resourceGroupName: - description: ResourceGroupName is the Resource Group - for new IBMCloud resources created for the cluster. - type: string - serviceEndpoints: - description: serviceEndpoints is a list of custom - endpoints which will override the default service - endpoints of an IBM Cloud service. These endpoints - are consumed by components within the cluster to - reach the respective IBM Cloud Services. - items: - description: IBMCloudServiceEndpoint stores the - configuration of a custom url to override existing - defaults of IBM Cloud Services. - properties: - name: - description: 'name is the name of the IBM Cloud - service. Possible values are: CIS, COS, DNSServices, - GlobalSearch, GlobalTagging, HyperProtect, - IAM, KeyProtect, ResourceController, ResourceManager, - or VPC. For example, the IBM Cloud Private - IAM service could be configured with the service - `name` of `IAM` and `url` of `https://private.iam.cloud.ibm.com` - Whereas the IBM Cloud Private VPC service - for US South (Dallas) could be configured - with the service `name` of `VPC` and `url` - of `https://us.south.private.iaas.cloud.ibm.com`' - enum: - - CIS - - COS - - DNSServices - - GlobalSearch - - GlobalTagging - - HyperProtect - - IAM - - KeyProtect - - ResourceController - - ResourceManager - - VPC - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - type: string - x-kubernetes-validations: - - message: url must be a valid absolute URL - rule: isURL(self) - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - type: object - kubevirt: - description: Kubevirt contains settings specific to the - kubevirt infrastructure provider. - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. - type: string - type: object - nutanix: - description: Nutanix contains settings specific to the - Nutanix infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on Nutanix platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - type: object - openstack: - description: OpenStack contains settings specific to the - OpenStack infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - cloudName: - description: cloudName is the name of the desired - OpenStack cloud in the client configuration file - (`clouds.yaml`). - type: string - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on OpenStack platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by - the DNS operator, `NodeDNSIP` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for OpenStack deployments. In order to minimize - necessary changes to the datacenter DNS, a DNS service - is hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string - type: object - ovirt: - description: Ovirt contains settings specific to the oVirt - infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on Ovirt platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - nodeDNSIP: - description: 'deprecated: as of 4.6, this field is - no longer set or honored. It will be removed in - a future release.' - type: string - type: object - powervs: - description: PowerVS contains settings specific to the - Power Systems Virtual Servers infrastructure provider. - properties: - cisInstanceCRN: - description: CISInstanceCRN is the CRN of the Cloud - Internet Services instance managing the DNS zone - for the cluster's base domain - type: string - dnsInstanceCRN: - description: DNSInstanceCRN is the CRN of the DNS - Services instance managing the DNS zone for the - cluster's base domain - type: string - region: - description: region holds the default Power VS region - for new Power VS resources created by the cluster. - type: string - resourceGroup: - description: 'resourceGroup is the resource group - name for new IBMCloud resources created for a cluster. - The resource group specified here will be used by - cluster-image-registry-operator to set up a COS - Instance in IBMCloud for the cluster registry. More - about resource groups can be found here: https://cloud.ibm.com/docs/account?topic=account-rgs. - When omitted, the image registry operator won''t - be able to configure storage, which results in the - image registry cluster operator not being in an - available state.' - maxLength: 40 - pattern: ^[a-zA-Z0-9-_ ]+$ - type: string - x-kubernetes-validations: - - message: resourceGroup is immutable once set - rule: oldSelf == '' || self == oldSelf - serviceEndpoints: - description: serviceEndpoints is a list of custom - endpoints which will override the default service - endpoints of a Power VS service. - items: - description: PowervsServiceEndpoint stores the configuration - of a custom url to override existing defaults - of PowerVS Services. - properties: - name: - description: name is the name of the Power VS - service. Few of the services are IAM - https://cloud.ibm.com/apidocs/iam-identity-token-api - ResourceController - https://cloud.ibm.com/apidocs/resource-controller/resource-controller - Power Cloud - https://cloud.ibm.com/apidocs/power-cloud - pattern: ^[a-z0-9-]+$ - type: string - url: - description: url is fully qualified URI with - scheme https, that overrides the default generated - endpoint for a client. This must be provided - and cannot be empty. - format: uri - pattern: ^https:// - type: string - required: - - name - - url - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - zone: - description: 'zone holds the default zone for the - new Power VS resources created by the cluster. Note: - Currently only single-zone OCP clusters are supported' - type: string - type: object - x-kubernetes-validations: - - message: cannot unset resourceGroup once set - rule: '!has(oldSelf.resourceGroup) || has(self.resourceGroup)' - type: - description: "type is the underlying infrastructure provider - for the cluster. This value controls whether infrastructure - automation such as service load balancers, dynamic volume - provisioning, machine creation and deletion, and other - integrations are enabled. If None, no infrastructure - automation is enabled. Allowed values are \"AWS\", \"Azure\", - \"BareMetal\", \"GCP\", \"Libvirt\", \"OpenStack\", - \"VSphere\", \"oVirt\", \"EquinixMetal\", \"PowerVS\", - \"AlibabaCloud\", \"Nutanix\" and \"None\". Individual - components may not support all platforms, and must handle - unrecognized platforms as None if they do not support - that platform. \n This value will be synced with to - the `status.platform` and `status.platformStatus.type`. - Currently this value cannot be changed once set." - enum: - - "" - - AWS - - Azure - - BareMetal - - GCP - - Libvirt - - OpenStack - - None - - VSphere - - oVirt - - IBMCloud - - KubeVirt - - EquinixMetal - - PowerVS - - AlibabaCloud - - Nutanix - - External - type: string - vsphere: - description: VSphere contains settings specific to the - VSphere infrastructure provider. - properties: - apiServerInternalIP: - description: "apiServerInternalIP is an IP address - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. \n Deprecated: Use - APIServerInternalIPs instead." - type: string - apiServerInternalIPs: - description: apiServerInternalIPs are the IP addresses - to contact the Kubernetes API server that can be - used by components inside the cluster, like kubelets - using the infrastructure rather than Kubernetes - networking. These are the IPs for a self-hosted - load balancer in front of the API servers. In dual - stack clusters this list contains two IPs otherwise - only one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - ingressIP: - description: "ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve - default route host names. \n Deprecated: Use IngressIPs - instead." - type: string - ingressIPs: - description: ingressIPs are the external IPs which - route to the default ingress controller. The IPs - are suitable targets of a wildcard DNS record used - to resolve default route host names. In dual stack - clusters this list contains two IPs otherwise only - one. - format: ip - items: - type: string - maxItems: 2 - type: array - x-kubernetes-list-type: set - loadBalancer: - default: - type: OpenShiftManagedDefault - description: loadBalancer defines how the load balancer - used by the cluster is configured. - properties: - type: - default: OpenShiftManagedDefault - description: type defines the type of load balancer - used by the cluster on VSphere platform which - can be a user-managed or openshift-managed load - balancer that is to be used for the OpenShift - API and Ingress endpoints. When set to OpenShiftManagedDefault - the static pods in charge of API and Ingress - traffic load-balancing defined in the machine - config operator will be deployed. When set to - UserManaged these static pods will not be deployed - and it is expected that the load balancer is - configured out of band by the deployer. When - omitted, this means no opinion and the platform - is left to choose a reasonable default. The - default value is OpenShiftManagedDefault. - enum: - - OpenShiftManagedDefault - - UserManaged - type: string - x-kubernetes-validations: - - message: type is immutable once set - rule: oldSelf == '' || self == oldSelf - type: object - machineNetworks: - description: machineNetworks are IP networks used - to connect all the OpenShift cluster nodes. - items: - description: CIDR is an IP address range in CIDR - notation (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(3[0-2]|[1-2][0-9]|[0-9]))$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - maxItems: 32 - type: array - x-kubernetes-list-type: set - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by - the DNS operator, `NodeDNSIP` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for vSphere deployments. In order to minimize necessary - changes to the datacenter DNS, a DNS service is - hosted as a static pod to serve those hostnames - to the nodes in the cluster. - type: string - type: object - type: object - type: object - required: - - spec - type: object - x-kubernetes-embedded-resource: true - internalRegistryPullSecret: - description: internalRegistryPullSecret is the pull secret for the - internal registry, used by rpm-ostree to pull images from the internal - registry if present - format: byte - nullable: true - type: string - ipFamilies: - description: ipFamilies indicates the IP families in use by the cluster - network - type: string - kubeAPIServerServingCAData: - description: kubeAPIServerServingCAData managed Kubelet to API Server - Cert... Rotated automatically - format: byte - type: string - network: - description: Network contains additional network related information - nullable: true - properties: - mtuMigration: - description: MTUMigration contains the MTU migration configuration. - nullable: true - properties: - machine: - description: Machine contains MTU migration configuration - for the machine's uplink. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: Network contains MTU migration configuration - for the default network. - properties: - from: - description: From is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: To is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - type: object - required: - - mtuMigration - type: object - networkType: - description: 'networkType holds the type of network the cluster is - using XXX: this is temporary and will be dropped as soon as possible - in favor of a better support to start network related services the - proper way. Nobody is also changing this once the cluster is up - and running the first time, so, disallow regeneration if this changes.' - type: string - osImageURL: - description: OSImageURL is the old-format container image that contains - the OS update payload. - type: string - platform: - description: platform is deprecated, use Infra.Status.PlatformStatus.Type - instead - type: string - proxy: - description: proxy holds the current proxy configuration for the nodes - nullable: true - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. - type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or - CIDRs for which the proxy should not be used. - type: string - type: object - pullSecret: - description: pullSecret is the default pull secret that needs to be - installed on all machines. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - x-kubernetes-map-type: atomic - releaseImage: - description: releaseImage is the image used when installing the cluster - type: string - rootCAData: - description: rootCAData specifies the root CA data - format: byte - type: string - required: - - additionalTrustBundle - - baseOSContainerImage - - cloudProviderCAData - - cloudProviderConfig - - clusterDNSIP - - dns - - images - - infra - - ipFamilies - - kubeAPIServerServingCAData - - network - - proxy - - releaseImage - - rootCAData - type: object - status: - description: ControllerConfigStatus is the status for ControllerConfig - properties: - conditions: - description: conditions represents the latest available observations - of current state. - items: - description: ControllerConfigStatusCondition contains condition - information for ControllerConfigStatus - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status object. - format: date-time - nullable: true - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. - type: string - reason: - description: reason is the reason for the condition's last transition. Reasons - are PascalCase - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the state of the operator's reconciliation - functionality. - type: string - required: - - lastTransitionTime - - status - - type - type: object - type: array - x-kubernetes-list-type: atomic - controllerCertificates: - description: controllerCertificates represents the latest available - observations of the automatically rotating certificates in the MCO. - items: - description: ControllerCertificate contains info about a specific - cert. - properties: - bundleFile: - description: bundleFile is the larger bundle a cert comes from - type: string - notAfter: - description: notAfter is the upper boundary for validity - format: date-time - type: string - notBefore: - description: notBefore is the lower boundary for validity - format: date-time - type: string - signer: - description: signer is the cert Issuer - type: string - subject: - description: subject is the cert subject - type: string - required: - - bundleFile - - signer - - subject - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration represents the generation observed - by the controller. - format: int64 - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_kubeletconfig.crd.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_kubeletconfig.crd.yaml deleted file mode 100644 index 8c9c53a02d2..00000000000 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_kubeletconfig.crd.yaml +++ /dev/null @@ -1,240 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1453 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - labels: - openshift.io/operator-managed: "" - name: kubeletconfigs.machineconfiguration.openshift.io -spec: - group: machineconfiguration.openshift.io - names: - kind: KubeletConfig - listKind: KubeletConfigList - plural: kubeletconfigs - singular: kubeletconfig - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "KubeletConfig describes a customized Kubelet configuration. - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubeletConfigSpec defines the desired state of KubeletConfig - properties: - autoSizingReserved: - type: boolean - kubeletConfig: - description: kubeletConfig fields are defined in kubernetes upstream. - Please refer to the types defined in the version/commit used by - OpenShift of the upstream kubernetes. It's important to note that, - since the fields of the kubelet configuration are directly fetched - from upstream the validation of those values is handled directly - by the kubelet. Please refer to the upstream version of the relevant - kubernetes for the valid values of these fields. Invalid values - of the kubelet configuration fields may render cluster nodes unusable. - type: object - x-kubernetes-preserve-unknown-fields: true - logLevel: - format: int32 - type: integer - machineConfigPoolSelector: - description: MachineConfigPoolSelector selects which pools the KubeletConfig - shoud apply to. A nil selector will result in no pools being selected. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - tlsSecurityProfile: - description: If unset, the default is based on the apiservers.config.openshift.io/cluster - resource. Note that only Old and Intermediate profiles are currently - supported, and the maximum available minTLSVersion is VersionTLS12. - properties: - custom: - description: "custom is a user-defined TLS security profile. Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. An example custom profile looks like this: - \n ciphers: \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - ECDHE-RSA-AES128-GCM-SHA256 \n - ECDHE-ECDSA-AES128-GCM-SHA256 - \n minTLSVersion: VersionTLS11" - nullable: true - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators - may remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - items: - type: string - type: array - minTLSVersion: - description: "minTLSVersion is used to specify the minimal - version of the TLS protocol that is negotiated during the - TLS handshake. For example, to use TLS versions 1.1, 1.2 - and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: - currently the highest minTLSVersion allowed is VersionTLS12" - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: "intermediate is a TLS security profile based on: - \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n - ECDHE-ECDSA-AES128-GCM-SHA256 \n - ECDHE-RSA-AES128-GCM-SHA256 - \n - ECDHE-ECDSA-AES256-GCM-SHA384 \n - ECDHE-RSA-AES256-GCM-SHA384 - \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - DHE-RSA-AES128-GCM-SHA256 \n - DHE-RSA-AES256-GCM-SHA384 - \n minTLSVersion: VersionTLS12" - nullable: true - type: object - modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n minTLSVersion: VersionTLS13" - nullable: true - type: object - old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n - ECDHE-ECDSA-AES128-GCM-SHA256 \n - ECDHE-RSA-AES128-GCM-SHA256 - \n - ECDHE-ECDSA-AES256-GCM-SHA384 \n - ECDHE-RSA-AES256-GCM-SHA384 - \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - DHE-RSA-AES128-GCM-SHA256 \n - DHE-RSA-AES256-GCM-SHA384 - \n - DHE-RSA-CHACHA20-POLY1305 \n - ECDHE-ECDSA-AES128-SHA256 - \n - ECDHE-RSA-AES128-SHA256 \n - ECDHE-ECDSA-AES128-SHA \n - - ECDHE-RSA-AES128-SHA \n - ECDHE-ECDSA-AES256-SHA384 \n - ECDHE-RSA-AES256-SHA384 - \n - ECDHE-ECDSA-AES256-SHA \n - ECDHE-RSA-AES256-SHA \n - DHE-RSA-AES128-SHA256 - \n - DHE-RSA-AES256-SHA256 \n - AES128-GCM-SHA256 \n - AES256-GCM-SHA384 - \n - AES128-SHA256 \n - AES256-SHA256 \n - AES128-SHA \n - AES256-SHA - \n - DES-CBC3-SHA \n minTLSVersion: VersionTLS10" - nullable: true - type: object - type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found - to be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." - enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - type: object - status: - description: KubeletConfigStatus defines the observed state of a KubeletConfig - properties: - conditions: - description: conditions represents the latest available observations - of current state. - items: - description: KubeletConfigCondition defines the state of the KubeletConfig - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status object. - format: date-time - nullable: true - type: string - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. - type: string - reason: - description: reason is the reason for the condition's last transition. Reasons - are PascalCase - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the state of the operator's reconciliation - functionality. - type: string - type: object - type: array - observedGeneration: - description: observedGeneration represents the generation observed - by the controller. - format: int64 - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_machineconfig.crd.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_machineconfig.crd.yaml deleted file mode 100644 index 2c5d82f387b..00000000000 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_machineconfig.crd.yaml +++ /dev/null @@ -1,97 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1453 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - labels: - openshift.io/operator-managed: "" - name: machineconfigs.machineconfiguration.openshift.io -spec: - group: machineconfiguration.openshift.io - names: - kind: MachineConfig - listKind: MachineConfigList - plural: machineconfigs - shortNames: - - mc - singular: machineconfig - scope: Cluster - versions: - - additionalPrinterColumns: - - description: Version of the controller that generated the machineconfig. This - will be empty if the machineconfig is not managed by a controller. - jsonPath: .metadata.annotations.machineconfiguration\.openshift\.io/generated-by-controller-version - name: GeneratedByController - type: string - - description: Version of the Ignition Config defined in the machineconfig. - jsonPath: .spec.config.ignition.version - name: IgnitionVersion - type: string - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: "MachineConfig defines the configuration for a machine \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MachineConfigSpec is the spec for MachineConfig - properties: - baseOSExtensionsContainerImage: - description: BaseOSExtensionsContainerImage specifies the remote location - that will be used to fetch the extensions container matching a new-format - OS image - type: string - config: - description: Config is a Ignition Config object. - type: object - x-kubernetes-preserve-unknown-fields: true - extensions: - description: extensions contains a list of additional features that - can be enabled on host - items: - type: string - type: array - x-kubernetes-list-type: atomic - fips: - description: fips controls FIPS mode - type: boolean - kernelArguments: - description: kernelArguments contains a list of kernel arguments to - be added - items: - type: string - nullable: true - type: array - x-kubernetes-list-type: atomic - kernelType: - description: kernelType contains which kernel we want to be running - like default (traditional), realtime, 64k-pages (aarch64 only). - type: string - osImageURL: - description: OSImageURL specifies the remote location that will be - used to fetch the OS. - type: string - type: object - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_machineconfigpool.crd.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_machineconfigpool.crd.yaml deleted file mode 100644 index c54fdbd6b9e..00000000000 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/0000_80_machineconfigpool.crd.yaml +++ /dev/null @@ -1,514 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1453 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - labels: - openshift.io/operator-managed: "" - name: machineconfigpools.machineconfiguration.openshift.io -spec: - group: machineconfiguration.openshift.io - names: - kind: MachineConfigPool - listKind: MachineConfigPoolList - plural: machineconfigpools - shortNames: - - mcp - singular: machineconfigpool - scope: Cluster - versions: - - additionalPrinterColumns: - - jsonPath: .status.configuration.name - name: Config - type: string - - description: When all the machines in the pool are updated to the correct machine - config. - jsonPath: .status.conditions[?(@.type=="Updated")].status - name: Updated - type: string - - description: When at least one of machine is not either not updated or is in - the process of updating to the desired machine config. - jsonPath: .status.conditions[?(@.type=="Updating")].status - name: Updating - type: string - - description: When progress is blocked on updating one or more nodes or the pool - configuration is failing. - jsonPath: .status.conditions[?(@.type=="Degraded")].status - name: Degraded - type: string - - description: Total number of machines in the machine config pool - jsonPath: .status.machineCount - name: MachineCount - type: number - - description: Total number of ready machines targeted by the pool - jsonPath: .status.readyMachineCount - name: ReadyMachineCount - type: number - - description: Total number of machines targeted by the pool that have the CurrentMachineConfig - as their config - jsonPath: .status.updatedMachineCount - name: UpdatedMachineCount - type: number - - description: Total number of machines marked degraded (or unreconcilable) - jsonPath: .status.degradedMachineCount - name: DegradedMachineCount - type: number - - jsonPath: .metadata.creationTimestamp - name: Age - type: date - name: v1 - schema: - openAPIV3Schema: - description: "MachineConfigPool describes a pool of MachineConfigs. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MachineConfigPoolSpec is the spec for MachineConfigPool resource. - properties: - configuration: - description: The targeted MachineConfig object for the machine config - pool. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - source: - description: source is the list of MachineConfig objects that - were used to generate the single MachineConfig object specified - in `content`. - items: - description: "ObjectReference contains enough information to - let you inspect or modify the referred object. --- New uses - of this type are discouraged because of difficulty describing - its usage when embedded in APIs. 1. Ignored fields. It includes - many fields which are not generally honored. For instance, - ResourceVersion and FieldPath are both very rarely valid in - actual usage. 2. Invalid usage help. It is impossible to - add specific help for individual usage. In most embedded - usages, there are particular restrictions like, \"must refer - only to types A and B\" or \"UID not honored\" or \"name must - be restricted\". Those cannot be well described when embedded. - 3. Inconsistent validation. Because the usages are different, - the validation rules are different by usage, which makes it - hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency - is on the group,resource tuple and the version of the actual - struct is irrelevant. 5. We cannot easily change it. Because - this type is embedded in many locations, updates to this type - will affect numerous schemas. Don't make new APIs embed an - underspecified API type they do not control. \n Instead of - using this type, create a locally provided and used type that - is well-focused on your reference. For example, ServiceReferences - for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - x-kubernetes-map-type: atomic - machineConfigSelector: - description: machineConfigSelector specifies a label selector for - MachineConfigs. Refer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - on how label and selectors work. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - maxUnavailable: - anyOf: - - type: integer - - type: string - description: "maxUnavailable defines either an integer number or percentage - of nodes in the pool that can go Unavailable during an update. This - includes nodes Unavailable for any reason, including user initiated - cordons, failing nodes, etc. The default value is 1. \n A value - larger than 1 will mean multiple nodes going unavailable during - the update, which may affect your workload stress on the remaining - nodes. You cannot set this value to 0 to stop updates (it will default - back to 1); to stop updates, use the 'paused' property instead. - Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum - guards, even if maxUnavailable is greater than one." - x-kubernetes-int-or-string: true - nodeSelector: - description: nodeSelector specifies a label selector for Machines - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - paused: - description: paused specifies whether or not changes to this machine - config pool should be stopped. This includes generating new desiredMachineConfig - and update of machines. - type: boolean - type: object - status: - description: MachineConfigPoolStatus is the status for MachineConfigPool - resource. - properties: - certExpirys: - description: certExpirys keeps track of important certificate expiration - data - items: - description: ceryExpiry contains the bundle name and the expiry - date - properties: - bundle: - description: bundle is the name of the bundle in which the subject - certificate resides - type: string - expiry: - description: expiry is the date after which the certificate - will no longer be valid - format: date-time - type: string - subject: - description: subject is the subject of the certificate - type: string - required: - - bundle - - subject - type: object - type: array - x-kubernetes-list-type: atomic - conditions: - description: conditions represents the latest available observations - of current state. - items: - description: MachineConfigPoolCondition contains condition information - for an MachineConfigPool. - properties: - lastTransitionTime: - description: lastTransitionTime is the timestamp corresponding - to the last status change of this condition. - format: date-time - nullable: true - type: string - message: - description: message is a human readable description of the - details of the last transition, complementing reason. - type: string - reason: - description: reason is a brief machine readable explanation - for the condition's last transition. - type: string - status: - description: status of the condition, one of ('True', 'False', - 'Unknown'). - type: string - type: - description: type of the condition, currently ('Done', 'Updating', - 'Failed'). - type: string - type: object - type: array - x-kubernetes-list-type: atomic - configuration: - description: configuration represents the current MachineConfig object - for the machine config pool. - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of - an entire object, this string should contain a valid JSON/Go - field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part of - an object. TODO: this design is not final and this field is - subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - source: - description: source is the list of MachineConfig objects that - were used to generate the single MachineConfig object specified - in `content`. - items: - description: "ObjectReference contains enough information to - let you inspect or modify the referred object. --- New uses - of this type are discouraged because of difficulty describing - its usage when embedded in APIs. 1. Ignored fields. It includes - many fields which are not generally honored. For instance, - ResourceVersion and FieldPath are both very rarely valid in - actual usage. 2. Invalid usage help. It is impossible to - add specific help for individual usage. In most embedded - usages, there are particular restrictions like, \"must refer - only to types A and B\" or \"UID not honored\" or \"name must - be restricted\". Those cannot be well described when embedded. - 3. Inconsistent validation. Because the usages are different, - the validation rules are different by usage, which makes it - hard for users to predict what will happen. 4. The fields - are both imprecise and overly precise. Kind is not a precise - mapping to a URL. This can produce ambiguity during interpretation - and require a REST mapping. In most cases, the dependency - is on the group,resource tuple and the version of the actual - struct is irrelevant. 5. We cannot easily change it. Because - this type is embedded in many locations, updates to this type - will affect numerous schemas. Don't make new APIs embed an - underspecified API type they do not control. \n Instead of - using this type, create a locally provided and used type that - is well-focused on your reference. For example, ServiceReferences - for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 - ." - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container - within a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that - triggered the event) or if no container name is specified - "spec.containers[2]" (container with index 2 in this pod). - This syntax is chosen only to have some well-defined way - of referencing a part of an object. TODO: this design - is not final and this field is subject to change in the - future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - x-kubernetes-map-type: atomic - type: array - x-kubernetes-list-type: atomic - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - type: object - x-kubernetes-map-type: atomic - degradedMachineCount: - description: degradedMachineCount represents the total number of machines - marked degraded (or unreconcilable). A node is marked degraded if - applying a configuration failed.. - format: int32 - type: integer - machineCount: - description: machineCount represents the total number of machines - in the machine config pool. - format: int32 - type: integer - observedGeneration: - description: observedGeneration represents the generation observed - by the controller. - format: int64 - type: integer - readyMachineCount: - description: readyMachineCount represents the total number of ready - machines targeted by the pool. - format: int32 - type: integer - unavailableMachineCount: - description: unavailableMachineCount represents the total number of - unavailable (non-ready) machines targeted by the pool. A node is - marked unavailable if it is in updating state or NodeReady condition - is false. - format: int32 - type: integer - updatedMachineCount: - description: updatedMachineCount represents the total number of machines - targeted by the pool that have the CurrentMachineConfig as their - config. - format: int32 - type: integer - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/Makefile b/vendor/github.com/openshift/api/machineconfiguration/v1/Makefile new file mode 100644 index 00000000000..7cd8eee901e --- /dev/null +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/Makefile @@ -0,0 +1,3 @@ +.PHONY: test +test: + make -C ../../tests test GINKGO_EXTRA_ARGS=--focus="machineconfiguration.openshift.io/v1" diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/custom.controllerconfig.testsuite.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/custom.controllerconfig.testsuite.yaml deleted file mode 100644 index 6d54b498cd4..00000000000 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/custom.controllerconfig.testsuite.yaml +++ /dev/null @@ -1,122 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Custom] ControllerConfig" -crd: 0000_80_controllerconfig-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a ControllerConfig for vSphere with external load balancer - initial: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: ControllerConfig - spec: - additionalTrustBundle: Y2VydGlmaWNhdGUK - baseOSContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - baseOSExtensionsContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - cloudProviderCAData: null - cloudProviderConfig: "" - clusterDNSIP: fd02::a - dns: - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - baseDomain: fake.redhat.com - images: - machineConfigOperator: rexample.com/example/openshift-release-dev@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 - infra: - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - cloudConfig: - name: "" - platformSpec: - type: VSphere - vsphere: {} - status: - apiServerInternalURI: https://api-int.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - apiServerURL: https://api.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - cpuPartitioning: "None" - controlPlaneTopology: SingleReplica - etcdDiscoveryDomain: "" - infrastructureName: cnfde4-sxhr7 - infrastructureTopology: SingleReplica - platform: VSphere - platformStatus: - type: VSphere - vsphere: - apiServerInternalIP: 10.38.153.2 - apiServerInternalIPs: - - 10.38.153.2 - ingressIP: 10.38.153.3 - ingressIPs: - - 10.38.153.3 - loadBalancer: - type: UserManaged - ipFamilies: IPv6 - kubeAPIServerServingCAData: Y2VydGlmaWNhdGUK - network: null - networkType: OVNKubernetes - osImageURL: example.com/example/openshift-release-dev@sha256:eacdc37aec78fdbf8caa9601e4012ab31453cf59b086474901900e853e803ea8 - platform: none - proxy: null - pullSecret: - name: pull-secret - namespace: openshift-config - releaseImage: "" - rootCAData: Y2VydGlmaWNhdGUK - expected: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: ControllerConfig - spec: - additionalTrustBundle: Y2VydGlmaWNhdGUK - baseOSContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - baseOSExtensionsContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - cloudProviderCAData: null - cloudProviderConfig: "" - clusterDNSIP: fd02::a - dns: - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - baseDomain: fake.redhat.com - images: - machineConfigOperator: rexample.com/example/openshift-release-dev@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 - infra: - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - cloudConfig: - name: "" - platformSpec: - type: VSphere - vsphere: {} - status: - apiServerInternalURI: https://api-int.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - apiServerURL: https://api.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - cpuPartitioning: "None" - controlPlaneTopology: SingleReplica - etcdDiscoveryDomain: "" - infrastructureName: cnfde4-sxhr7 - infrastructureTopology: SingleReplica - platform: VSphere - platformStatus: - type: VSphere - vsphere: - apiServerInternalIP: 10.38.153.2 - apiServerInternalIPs: - - 10.38.153.2 - ingressIP: 10.38.153.3 - ingressIPs: - - 10.38.153.3 - loadBalancer: - type: UserManaged - ipFamilies: IPv6 - kubeAPIServerServingCAData: Y2VydGlmaWNhdGUK - network: null - networkType: OVNKubernetes - osImageURL: example.com/example/openshift-release-dev@sha256:eacdc37aec78fdbf8caa9601e4012ab31453cf59b086474901900e853e803ea8 - platform: none - proxy: null - pullSecret: - name: pull-secret - namespace: openshift-config - releaseImage: "" - rootCAData: Y2VydGlmaWNhdGUK diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/stable.containerruntimeconfig.testsuite.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/stable.containerruntimeconfig.testsuite.yaml deleted file mode 100644 index 5a901bfebed..00000000000 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/stable.containerruntimeconfig.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ContainerRuntimeConfig" -crd: 0000_80_containerruntimeconfig.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ContainerRuntimeConfig - initial: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: ContainerRuntimeConfig - spec: - containerRuntimeConfig: {} - expected: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: ContainerRuntimeConfig - spec: - containerRuntimeConfig: {} diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/stable.controllerconfig.testsuite.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/stable.controllerconfig.testsuite.yaml deleted file mode 100644 index 91a6809d78c..00000000000 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/stable.controllerconfig.testsuite.yaml +++ /dev/null @@ -1,219 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ControllerConfig" -crd: 0000_80_controllerconfig-Default.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ControllerConfig - initial: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: ControllerConfig - spec: - additionalTrustBundle: Y2VydGlmaWNhdGUK - baseOSContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - baseOSExtensionsContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - cloudProviderCAData: null - cloudProviderConfig: "" - clusterDNSIP: fd02::a - dns: - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - baseDomain: fake.redhat.com - images: - machineConfigOperator: rexample.com/example/openshift-release-dev@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 - infra: - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - cloudConfig: - name: "" - platformSpec: - type: None - status: - apiServerInternalURI: https://api-int.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - apiServerURL: https://api.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - cpuPartitioning: "None" - controlPlaneTopology: SingleReplica - etcdDiscoveryDomain: "" - infrastructureName: cnfde4-sxhr7 - infrastructureTopology: SingleReplica - platform: None - platformStatus: - type: None - ipFamilies: IPv6 - kubeAPIServerServingCAData: Y2VydGlmaWNhdGUK - network: null - networkType: OVNKubernetes - osImageURL: example.com/example/openshift-release-dev@sha256:eacdc37aec78fdbf8caa9601e4012ab31453cf59b086474901900e853e803ea8 - platform: none - proxy: null - pullSecret: - name: pull-secret - namespace: openshift-config - releaseImage: "" - rootCAData: Y2VydGlmaWNhdGUK - expected: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: ControllerConfig - spec: - additionalTrustBundle: Y2VydGlmaWNhdGUK - baseOSContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - baseOSExtensionsContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - cloudProviderCAData: null - cloudProviderConfig: "" - clusterDNSIP: fd02::a - dns: - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - baseDomain: fake.redhat.com - images: - machineConfigOperator: rexample.com/example/openshift-release-dev@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 - infra: - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - cloudConfig: - name: "" - platformSpec: - type: None - status: - apiServerInternalURI: https://api-int.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - apiServerURL: https://api.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - cpuPartitioning: "None" - controlPlaneTopology: SingleReplica - etcdDiscoveryDomain: "" - infrastructureName: cnfde4-sxhr7 - infrastructureTopology: SingleReplica - platform: None - platformStatus: - type: None - ipFamilies: IPv6 - kubeAPIServerServingCAData: Y2VydGlmaWNhdGUK - network: null - networkType: OVNKubernetes - osImageURL: example.com/example/openshift-release-dev@sha256:eacdc37aec78fdbf8caa9601e4012ab31453cf59b086474901900e853e803ea8 - platform: none - proxy: null - pullSecret: - name: pull-secret - namespace: openshift-config - releaseImage: "" - rootCAData: Y2VydGlmaWNhdGUK - - name: Should be able to create a ControllerConfig for vSphere with external load balancer - initial: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: ControllerConfig - spec: - additionalTrustBundle: Y2VydGlmaWNhdGUK - baseOSContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - baseOSExtensionsContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - cloudProviderCAData: null - cloudProviderConfig: "" - clusterDNSIP: fd02::a - dns: - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - baseDomain: fake.redhat.com - images: - machineConfigOperator: rexample.com/example/openshift-release-dev@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 - infra: - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - cloudConfig: - name: "" - platformSpec: - type: VSphere - vsphere: {} - status: - apiServerInternalURI: https://api-int.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - apiServerURL: https://api.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - cpuPartitioning: "None" - controlPlaneTopology: SingleReplica - etcdDiscoveryDomain: "" - infrastructureName: cnfde4-sxhr7 - infrastructureTopology: SingleReplica - platform: VSphere - platformStatus: - type: VSphere - vsphere: - apiServerInternalIP: 10.38.153.2 - apiServerInternalIPs: - - 10.38.153.2 - ingressIP: 10.38.153.3 - ingressIPs: - - 10.38.153.3 - loadBalancer: - type: UserManaged - ipFamilies: IPv6 - kubeAPIServerServingCAData: Y2VydGlmaWNhdGUK - network: null - networkType: OVNKubernetes - osImageURL: example.com/example/openshift-release-dev@sha256:eacdc37aec78fdbf8caa9601e4012ab31453cf59b086474901900e853e803ea8 - platform: none - proxy: null - pullSecret: - name: pull-secret - namespace: openshift-config - releaseImage: "" - rootCAData: Y2VydGlmaWNhdGUK - expected: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: ControllerConfig - spec: - additionalTrustBundle: Y2VydGlmaWNhdGUK - baseOSContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - baseOSExtensionsContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - cloudProviderCAData: null - cloudProviderConfig: "" - clusterDNSIP: fd02::a - dns: - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - baseDomain: fake.redhat.com - images: - machineConfigOperator: rexample.com/example/openshift-release-dev@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 - infra: - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - cloudConfig: - name: "" - platformSpec: - type: VSphere - vsphere: {} - status: - apiServerInternalURI: https://api-int.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - apiServerURL: https://api.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - cpuPartitioning: "None" - controlPlaneTopology: SingleReplica - etcdDiscoveryDomain: "" - infrastructureName: cnfde4-sxhr7 - infrastructureTopology: SingleReplica - platform: VSphere - platformStatus: - type: VSphere - vsphere: - apiServerInternalIP: 10.38.153.2 - apiServerInternalIPs: - - 10.38.153.2 - ingressIP: 10.38.153.3 - ingressIPs: - - 10.38.153.3 - loadBalancer: - type: UserManaged - ipFamilies: IPv6 - kubeAPIServerServingCAData: Y2VydGlmaWNhdGUK - network: null - networkType: OVNKubernetes - osImageURL: example.com/example/openshift-release-dev@sha256:eacdc37aec78fdbf8caa9601e4012ab31453cf59b086474901900e853e803ea8 - platform: none - proxy: null - pullSecret: - name: pull-secret - namespace: openshift-config - releaseImage: "" - rootCAData: Y2VydGlmaWNhdGUK diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/stable.kubeletconfig.testsuite.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/stable.kubeletconfig.testsuite.yaml deleted file mode 100644 index c4456ce82b0..00000000000 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/stable.kubeletconfig.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] KubeletConfig" -crd: 0000_80_kubeletconfig.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal KubeletConfig - initial: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: KubeletConfig - spec: {} # No spec is required for a KubeletConfig - expected: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: KubeletConfig - spec: {} diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/stable.machineconfig.testsuite.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/stable.machineconfig.testsuite.yaml deleted file mode 100644 index 26db0e8aed4..00000000000 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/stable.machineconfig.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] MachineConfig" -crd: 0000_80_machineconfig.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal MachineConfig - initial: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: {} # No spec is required for a MachineConfig - expected: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfig - spec: {} diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/stable.machineconfigpool.testsuite.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/stable.machineconfigpool.testsuite.yaml deleted file mode 100644 index 37fb01e7333..00000000000 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/stable.machineconfigpool.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] MachineConfigPool" -crd: 0000_80_machineconfigpool.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal MachineConfigPool - initial: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfigPool - spec: {} # No spec is required for a MachineConfigPool - expected: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: MachineConfigPool - spec: {} diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/techpreview.controllerconfig.testsuite.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/techpreview.controllerconfig.testsuite.yaml deleted file mode 100644 index 37239c6fd1b..00000000000 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/techpreview.controllerconfig.testsuite.yaml +++ /dev/null @@ -1,122 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreview] ControllerConfig" -crd: 0000_80_controllerconfig-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a ControllerConfig for vSphere with external load balancer - initial: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: ControllerConfig - spec: - additionalTrustBundle: Y2VydGlmaWNhdGUK - baseOSContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - baseOSExtensionsContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - cloudProviderCAData: null - cloudProviderConfig: "" - clusterDNSIP: fd02::a - dns: - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - baseDomain: fake.redhat.com - images: - machineConfigOperator: rexample.com/example/openshift-release-dev@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 - infra: - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - cloudConfig: - name: "" - platformSpec: - type: VSphere - vsphere: {} - status: - apiServerInternalURI: https://api-int.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - apiServerURL: https://api.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - cpuPartitioning: "None" - controlPlaneTopology: SingleReplica - etcdDiscoveryDomain: "" - infrastructureName: cnfde4-sxhr7 - infrastructureTopology: SingleReplica - platform: VSphere - platformStatus: - type: VSphere - vsphere: - apiServerInternalIP: 10.38.153.2 - apiServerInternalIPs: - - 10.38.153.2 - ingressIP: 10.38.153.3 - ingressIPs: - - 10.38.153.3 - loadBalancer: - type: UserManaged - ipFamilies: IPv6 - kubeAPIServerServingCAData: Y2VydGlmaWNhdGUK - network: null - networkType: OVNKubernetes - osImageURL: example.com/example/openshift-release-dev@sha256:eacdc37aec78fdbf8caa9601e4012ab31453cf59b086474901900e853e803ea8 - platform: none - proxy: null - pullSecret: - name: pull-secret - namespace: openshift-config - releaseImage: "" - rootCAData: Y2VydGlmaWNhdGUK - expected: | - apiVersion: machineconfiguration.openshift.io/v1 - kind: ControllerConfig - spec: - additionalTrustBundle: Y2VydGlmaWNhdGUK - baseOSContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - baseOSExtensionsContainerImage: example.com/example/openshift-release-dev@sha256:d98795f7932441b30bb8bcfbbf05912875383fad1f2b3be08a22ec148d68607e - cloudProviderCAData: null - cloudProviderConfig: "" - clusterDNSIP: fd02::a - dns: - apiVersion: config.openshift.io/v1 - kind: DNS - spec: - baseDomain: fake.redhat.com - images: - machineConfigOperator: rexample.com/example/openshift-release-dev@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 - infra: - apiVersion: config.openshift.io/v1 - kind: Infrastructure - spec: - cloudConfig: - name: "" - platformSpec: - type: VSphere - vsphere: {} - status: - apiServerInternalURI: https://api-int.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - apiServerURL: https://api.cnfde4.sno.ptp.lab.eng.bos.redhat.com:6443 - cpuPartitioning: "None" - controlPlaneTopology: SingleReplica - etcdDiscoveryDomain: "" - infrastructureName: cnfde4-sxhr7 - infrastructureTopology: SingleReplica - platform: VSphere - platformStatus: - type: VSphere - vsphere: - apiServerInternalIP: 10.38.153.2 - apiServerInternalIPs: - - 10.38.153.2 - ingressIP: 10.38.153.3 - ingressIPs: - - 10.38.153.3 - loadBalancer: - type: UserManaged - ipFamilies: IPv6 - kubeAPIServerServingCAData: Y2VydGlmaWNhdGUK - network: null - networkType: OVNKubernetes - osImageURL: example.com/example/openshift-release-dev@sha256:eacdc37aec78fdbf8caa9601e4012ab31453cf59b086474901900e853e803ea8 - platform: none - proxy: null - pullSecret: - name: pull-secret - namespace: openshift-config - releaseImage: "" - rootCAData: Y2VydGlmaWNhdGUK diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/types.go b/vendor/github.com/openshift/api/machineconfiguration/v1/types.go index 6f8ca2b21bc..574c90035a6 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/types.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/types.go @@ -23,7 +23,7 @@ const KubeletConfigRoleLabelPrefix = "pools.operator.machineconfiguration.opensh // +kubebuilder:resource:path=controllerconfigs,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1453 -// +openshift:file-pattern=0000_80_controllerconfigMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01 // +kubebuilder:metadata:labels=openshift.io/operator-managed= // ControllerConfig describes configuration for MachineConfigController. @@ -292,7 +292,7 @@ type ControllerConfigList struct { // +kubebuilder:object:root=true // +kubebuilder:resource:path=machineconfigs,scope=Cluster,shortName=mc // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1453 -// +openshift:file-pattern=0000_80_machineconfigMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01 // +kubebuilder:metadata:labels="openshift.io/operator-managed=" // +kubebuilder:printcolumn:name=GeneratedByController,JSONPath=.metadata.annotations.machineconfiguration\.openshift\.io/generated-by-controller-version,type=string,description=Version of the controller that generated the machineconfig. This will be empty if the machineconfig is not managed by a controller. // +kubebuilder:printcolumn:name=IgnitionVersion,JSONPath=.spec.config.ignition.version,type=string,description=Version of the Ignition Config defined in the machineconfig. @@ -366,7 +366,7 @@ type MachineConfigList struct { // +kubebuilder:resource:path=machineconfigpools,scope=Cluster,shortName=mcp // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1453 -// +openshift:file-pattern=0000_80_machineconfigpoolMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01 // +kubebuilder:metadata:labels="openshift.io/operator-managed=" // +kubebuilder:printcolumn:name=Config,JSONPath=.status.configuration.name,type=string // +kubebuilder:printcolumn:name=Updated,JSONPath=.status.conditions[?(@.type=="Updated")].status,type=string,description=When all the machines in the pool are updated to the correct machine config. @@ -421,6 +421,45 @@ type MachineConfigPoolSpec struct { // The targeted MachineConfig object for the machine config pool. // +optional Configuration MachineConfigPoolStatusConfiguration `json:"configuration"` + + // pinnedImageSets specifies a sequence of PinnedImageSetRef objects for the + // pool. Nodes within this pool will preload and pin images defined in the + // PinnedImageSet. Before pulling images the MachineConfigDaemon will ensure + // the total uncompressed size of all the images does not exceed available + // resources. If the total size of the images exceeds the available + // resources the controller will report a Degraded status to the + // MachineConfigPool and not attempt to pull any images. Also to help ensure + // the kubelet can mitigate storage risk, the pinned_image configuration and + // subsequent service reload will happen only after all of the images have + // been pulled for each set. Images from multiple PinnedImageSets are loaded + // and pinned sequentially as listed. Duplicate and existing images will be + // skipped. + // + // Any failure to prefetch or pin images will result in a Degraded pool. + // Resolving these failures is the responsibility of the user. The admin + // should be proactive in ensuring adequate storage and proper image + // authentication exists in advance. + // +openshift:enable:FeatureGate=PinnedImages + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=100 + PinnedImageSets []PinnedImageSetRef `json:"pinnedImageSets,omitempty"` +} + +type PinnedImageSetRef struct { + // name is a reference to the name of a PinnedImageSet. Must adhere to + // RFC-1123 (https://tools.ietf.org/html/rfc1123). + // Made up of one of more period-separated (.) segments, where each segment + // consists of alphanumeric characters and hyphens (-), must begin and end + // with an alphanumeric character, and is at most 63 characters in length. + // The total length of the name must not exceed 253 characters. + // +openshift:enable:FeatureGate=PinnedImages + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$` + // +kubebuilder:validation:Required + Name string `json:"name"` } // MachineConfigPoolStatus is the status for MachineConfigPool resource. @@ -464,8 +503,62 @@ type MachineConfigPoolStatus struct { // +listType=atomic // +optional CertExpirys []CertExpiry `json:"certExpirys"` + + // poolSynchronizersStatus is the status of the machines managed by the pool synchronizers. + // +openshift:enable:FeatureGate=PinnedImages + // +listType=map + // +listMapKey=poolSynchronizerType + // +optional + PoolSynchronizersStatus []PoolSynchronizerStatus `json:"poolSynchronizersStatus,omitempty"` } +// +kubebuilder:validation:XValidation:rule="self.machineCount >= self.updatedMachineCount", message="machineCount must be greater than or equal to updatedMachineCount" +// +kubebuilder:validation:XValidation:rule="self.machineCount >= self.availableMachineCount", message="machineCount must be greater than or equal to availableMachineCount" +// +kubebuilder:validation:XValidation:rule="self.machineCount >= self.unavailableMachineCount", message="machineCount must be greater than or equal to unavailableMachineCount" +// +kubebuilder:validation:XValidation:rule="self.machineCount >= self.readyMachineCount", message="machineCount must be greater than or equal to readyMachineCount" +// +kubebuilder:validation:XValidation:rule="self.availableMachineCount >= self.readyMachineCount", message="availableMachineCount must be greater than or equal to readyMachineCount" +type PoolSynchronizerStatus struct { + // poolSynchronizerType describes the type of the pool synchronizer. + // +kubebuilder:validation:Required + PoolSynchronizerType PoolSynchronizerType `json:"poolSynchronizerType"` + // machineCount is the number of machines that are managed by the node synchronizer. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=0 + MachineCount int64 `json:"machineCount"` + // updatedMachineCount is the number of machines that have been updated by the node synchronizer. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=0 + UpdatedMachineCount int64 `json:"updatedMachineCount"` + // readyMachineCount is the number of machines managed by the node synchronizer that are in a ready state. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=0 + ReadyMachineCount int64 `json:"readyMachineCount"` + // availableMachineCount is the number of machines managed by the node synchronizer which are available. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=0 + AvailableMachineCount int64 `json:"availableMachineCount"` + // unavailableMachineCount is the number of machines managed by the node synchronizer but are unavailable. + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=0 + UnavailableMachineCount int64 `json:"unavailableMachineCount"` + // +kubebuilder:validation:XValidation:rule="self >= oldSelf || (self == 0 && oldSelf > 0)", message="observedGeneration must not move backwards except to zero" + // observedGeneration is the last generation change that has been applied. + // +kubebuilder:validation:Minimum=0 + // +optional + ObservedGeneration int64 `json:"observedGeneration,omitempty"` +} + +// PoolSynchronizerType is an enum that describe the type of pool synchronizer. A pool synchronizer is a one or more controllers that +// manages the on disk state of a set of machines within a pool. +// +kubebuilder:validation:Enum:="PinnedImageSets" +// +kubebuilder:validation:MaxLength=256 +type PoolSynchronizerType string + +const ( + // PinnedImageSets represents a pool synchronizer for pinned image sets. + PinnedImageSets PoolSynchronizerType = "PinnedImageSets" +) + // ceryExpiry contains the bundle name and the expiry date type CertExpiry struct { // bundle is the name of the bundle in which the subject certificate resides @@ -536,6 +629,14 @@ const ( // MachineConfigPoolRenderDegraded means the rendered configuration for the pool cannot be generated because of an error MachineConfigPoolRenderDegraded MachineConfigPoolConditionType = "RenderDegraded" + // MachineConfigPoolPinnedImageSetsDegraded means the pinned image sets for the pool cannot be populated because of an error + // +openshift:enable:FeatureGate=PinnedImages + MachineConfigPoolPinnedImageSetsDegraded MachineConfigPoolConditionType = "PinnedImageSetsDegraded" + + // MachineConfigPoolSynchronizerDegraded means the pool synchronizer can not be updated because of an error + // +openshift:enable:FeatureGate=PinnedImages + MachineConfigPoolSynchronizerDegraded MachineConfigPoolConditionType = "PoolSynchronizerDegraded" + // MachineConfigPoolDegraded is the overall status of the pool based, today, on whether we fail with NodeDegraded or RenderDegraded MachineConfigPoolDegraded MachineConfigPoolConditionType = "Degraded" @@ -574,7 +675,7 @@ type MachineConfigPoolList struct { // +kubebuilder:resource:path=kubeletconfigs,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1453 -// +openshift:file-pattern=0000_80_kubeletconfigMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01 // +kubebuilder:metadata:labels="openshift.io/operator-managed=" // +openshift:compatibility-gen:level=1 type KubeletConfig struct { @@ -683,7 +784,7 @@ type KubeletConfigList struct { // +kubebuilder:resource:path=containerruntimeconfigs,scope=Cluster,shortName=ctrcfg // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1453 -// +openshift:file-pattern=0000_80_containerruntimeconfigMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01 // +kubebuilder:metadata:labels="openshift.io/operator-managed=" // +openshift:compatibility-gen:level=1 type ContainerRuntimeConfig struct { diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go index 180027a84e4..9ad13130fe3 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.deepcopy.go @@ -730,6 +730,11 @@ func (in *MachineConfigPoolSpec) DeepCopyInto(out *MachineConfigPoolSpec) { **out = **in } in.Configuration.DeepCopyInto(&out.Configuration) + if in.PinnedImageSets != nil { + in, out := &in.PinnedImageSets, &out.PinnedImageSets + *out = make([]PinnedImageSetRef, len(*in)) + copy(*out, *in) + } return } @@ -761,6 +766,11 @@ func (in *MachineConfigPoolStatus) DeepCopyInto(out *MachineConfigPoolStatus) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.PoolSynchronizersStatus != nil { + in, out := &in.PoolSynchronizersStatus, &out.PoolSynchronizersStatus + *out = make([]PoolSynchronizerStatus, len(*in)) + copy(*out, *in) + } return } @@ -843,3 +853,35 @@ func (in *NetworkInfo) DeepCopy() *NetworkInfo { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PinnedImageSetRef) DeepCopyInto(out *PinnedImageSetRef) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PinnedImageSetRef. +func (in *PinnedImageSetRef) DeepCopy() *PinnedImageSetRef { + if in == nil { + return nil + } + out := new(PinnedImageSetRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PoolSynchronizerStatus) DeepCopyInto(out *PoolSynchronizerStatus) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PoolSynchronizerStatus. +func (in *PoolSynchronizerStatus) DeepCopy() *PoolSynchronizerStatus { + if in == nil { + return nil + } + out := new(PoolSynchronizerStatus) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml index f76c678b5d9..a10144da5a2 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml @@ -5,6 +5,9 @@ containerruntimeconfigs.machineconfiguration.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: machine-config + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" GroupName: machineconfiguration.openshift.io HasStatus: true KindName: ContainerRuntimeConfig @@ -15,7 +18,6 @@ containerruntimeconfigs.machineconfiguration.openshift.io: Scope: Cluster ShortNames: - ctrcfg - TargetFilenamePattern: 0000_80_containerruntimeconfigMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -30,6 +32,9 @@ controllerconfigs.machineconfiguration.openshift.io: - GCPClusterHostedDNS - GCPLabelsTags - VSphereControlPlaneMachineSet + FilenameOperatorName: machine-config + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" GroupName: machineconfiguration.openshift.io HasStatus: true KindName: ControllerConfig @@ -39,7 +44,6 @@ controllerconfigs.machineconfiguration.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_80_controllerconfigMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -50,6 +54,9 @@ kubeletconfigs.machineconfiguration.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: machine-config + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" GroupName: machineconfiguration.openshift.io HasStatus: true KindName: KubeletConfig @@ -59,7 +66,6 @@ kubeletconfigs.machineconfiguration.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_80_kubeletconfigMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -70,6 +76,9 @@ machineconfigs.machineconfiguration.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: machine-config + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" GroupName: machineconfiguration.openshift.io HasStatus: false KindName: MachineConfig @@ -92,7 +101,6 @@ machineconfigs.machineconfiguration.openshift.io: Scope: Cluster ShortNames: - mc - TargetFilenamePattern: 0000_80_machineconfigMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -102,7 +110,11 @@ machineconfigpools.machineconfiguration.openshift.io: CRDName: machineconfigpools.machineconfiguration.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - PinnedImages + FilenameOperatorName: machine-config + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" GroupName: machineconfiguration.openshift.io HasStatus: true KindName: MachineConfigPool @@ -151,7 +163,6 @@ machineconfigpools.machineconfiguration.openshift.io: Scope: Cluster ShortNames: - mcp - TargetFilenamePattern: 0000_80_machineconfigpoolMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 diff --git a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go index d1151c23b4f..29a3a2a902b 100644 --- a/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/machineconfiguration/v1/zz_generated.swagger_doc_generated.go @@ -279,6 +279,7 @@ var map_MachineConfigPoolSpec = map[string]string{ "paused": "paused specifies whether or not changes to this machine config pool should be stopped. This includes generating new desiredMachineConfig and update of machines.", "maxUnavailable": "maxUnavailable defines either an integer number or percentage of nodes in the pool that can go Unavailable during an update. This includes nodes Unavailable for any reason, including user initiated cordons, failing nodes, etc. The default value is 1.\n\nA value larger than 1 will mean multiple nodes going unavailable during the update, which may affect your workload stress on the remaining nodes. You cannot set this value to 0 to stop updates (it will default back to 1); to stop updates, use the 'paused' property instead. Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards, even if maxUnavailable is greater than one.", "configuration": "The targeted MachineConfig object for the machine config pool.", + "pinnedImageSets": "pinnedImageSets specifies a sequence of PinnedImageSetRef objects for the pool. Nodes within this pool will preload and pin images defined in the PinnedImageSet. Before pulling images the MachineConfigDaemon will ensure the total uncompressed size of all the images does not exceed available resources. If the total size of the images exceeds the available resources the controller will report a Degraded status to the MachineConfigPool and not attempt to pull any images. Also to help ensure the kubelet can mitigate storage risk, the pinned_image configuration and subsequent service reload will happen only after all of the images have been pulled for each set. Images from multiple PinnedImageSets are loaded and pinned sequentially as listed. Duplicate and existing images will be skipped.\n\nAny failure to prefetch or pin images will result in a Degraded pool. Resolving these failures is the responsibility of the user. The admin should be proactive in ensuring adequate storage and proper image authentication exists in advance.", } func (MachineConfigPoolSpec) SwaggerDoc() map[string]string { @@ -296,6 +297,7 @@ var map_MachineConfigPoolStatus = map[string]string{ "degradedMachineCount": "degradedMachineCount represents the total number of machines marked degraded (or unreconcilable). A node is marked degraded if applying a configuration failed..", "conditions": "conditions represents the latest available observations of current state.", "certExpirys": "certExpirys keeps track of important certificate expiration data", + "poolSynchronizersStatus": "poolSynchronizersStatus is the status of the machines managed by the pool synchronizers.", } func (MachineConfigPoolStatus) SwaggerDoc() map[string]string { @@ -335,4 +337,26 @@ func (NetworkInfo) SwaggerDoc() map[string]string { return map_NetworkInfo } +var map_PinnedImageSetRef = map[string]string{ + "name": "name is a reference to the name of a PinnedImageSet. Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123). Made up of one of more period-separated (.) segments, where each segment consists of alphanumeric characters and hyphens (-), must begin and end with an alphanumeric character, and is at most 63 characters in length. The total length of the name must not exceed 253 characters.", +} + +func (PinnedImageSetRef) SwaggerDoc() map[string]string { + return map_PinnedImageSetRef +} + +var map_PoolSynchronizerStatus = map[string]string{ + "poolSynchronizerType": "poolSynchronizerType describes the type of the pool synchronizer.", + "machineCount": "machineCount is the number of machines that are managed by the node synchronizer.", + "updatedMachineCount": "updatedMachineCount is the number of machines that have been updated by the node synchronizer.", + "readyMachineCount": "readyMachineCount is the number of machines managed by the node synchronizer that are in a ready state.", + "availableMachineCount": "availableMachineCount is the number of machines managed by the node synchronizer which are available.", + "unavailableMachineCount": "unavailableMachineCount is the number of machines managed by the node synchronizer but are unavailable.", + "observedGeneration": "observedGeneration is the last generation change that has been applied.", +} + +func (PoolSynchronizerStatus) SwaggerDoc() map[string]string { + return map_PoolSynchronizerStatus +} + // AUTO-GENERATED FUNCTIONS END HERE diff --git a/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml deleted file mode 100644 index 50c38b36b57..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml +++ /dev/null @@ -1,179 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/612 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: configs.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: Config - listKind: ConfigList - plural: configs - singular: config - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Config specifies the behavior of the config operator which is - responsible for creating the initial configuration of other components on - the cluster. The operator also handles installation, migration or synchronization - of cloud configurations for AWS and Azure cloud based clusters \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Config Operator. - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status defines the observed status of the Config Operator. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-CustomNoUpgrade.crd.yaml deleted file mode 100644 index faa169690e5..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-CustomNoUpgrade.crd.yaml +++ /dev/null @@ -1,278 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/752 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: etcds.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: Etcd - listKind: EtcdList - plural: etcds - singular: etcd - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Etcd provides information to configure an operator to manage - etcd. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - controlPlaneHardwareSpeed: - description: HardwareSpeed allows user to change the etcd tuning profile - which configures the latency parameters for heartbeat interval and - leader election timeouts allowing the cluster to tolerate longer - round-trip-times between etcd members. Valid values are "", "Standard" - and "Slower". "" means no opinion and the platform is left to choose - a reasonable default which is subject to change without notice. - enum: - - "" - - Standard - - Slower - type: string - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - controlPlaneHardwareSpeed: - description: ControlPlaneHardwareSpeed declares valid hardware speed - tolerance levels - enum: - - "" - - Standard - - Slower - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. - items: - type: string - type: array - x-kubernetes-list-type: atomic - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - required: - - nodeName - type: object - type: array - x-kubernetes-list-map-keys: - - nodeName - x-kubernetes-list-type: map - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-Default.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-Default.crd.yaml deleted file mode 100644 index 2f4211da835..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-Default.crd.yaml +++ /dev/null @@ -1,266 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/752 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - name: etcds.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: Etcd - listKind: EtcdList - plural: etcds - singular: etcd - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Etcd provides information to configure an operator to manage - etcd. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - controlPlaneHardwareSpeed: - description: ControlPlaneHardwareSpeed declares valid hardware speed - tolerance levels - enum: - - "" - - Standard - - Slower - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. - items: - type: string - type: array - x-kubernetes-list-type: atomic - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - required: - - nodeName - type: object - type: array - x-kubernetes-list-map-keys: - - nodeName - x-kubernetes-list-type: map - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index 31342d37135..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml +++ /dev/null @@ -1,278 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/752 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: etcds.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: Etcd - listKind: EtcdList - plural: etcds - singular: etcd - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Etcd provides information to configure an operator to manage - etcd. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - controlPlaneHardwareSpeed: - description: HardwareSpeed allows user to change the etcd tuning profile - which configures the latency parameters for heartbeat interval and - leader election timeouts allowing the cluster to tolerate longer - round-trip-times between etcd members. Valid values are "", "Standard" - and "Slower". "" means no opinion and the platform is left to choose - a reasonable default which is subject to change without notice. - enum: - - "" - - Standard - - Slower - type: string - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - controlPlaneHardwareSpeed: - description: ControlPlaneHardwareSpeed declares valid hardware speed - tolerance levels - enum: - - "" - - Standard - - Slower - type: string - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. - items: - type: string - type: array - x-kubernetes-list-type: atomic - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - required: - - nodeName - type: object - type: array - x-kubernetes-list-map-keys: - - nodeName - x-kubernetes-list-type: map - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml deleted file mode 100644 index 345ef5d988a..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml +++ /dev/null @@ -1,282 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: kubeapiservers.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: KubeAPIServer - listKind: KubeAPIServerList - plural: kubeapiservers - singular: kubeapiserver - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "KubeAPIServer provides information to configure an operator - to manage kube-apiserver. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Kubernetes API Server - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Force)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the Kubernetes - API Server - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. - items: - type: string - type: array - x-kubernetes-list-type: atomic - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - required: - - nodeName - type: object - type: array - x-kubernetes-list-map-keys: - - nodeName - x-kubernetes-list-type: map - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - serviceAccountIssuers: - description: 'serviceAccountIssuers tracks history of used service - account issuers. The item without expiration time represents the - currently used service account issuer. The other items represents - service account issuers that were used previously and are still - being trusted. The default expiration for the items is set by the - platform and it defaults to 24h. see: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection' - items: - properties: - expirationTime: - description: expirationTime is the time after which this service - account issuer will be pruned and removed from the trusted - list of service account issuers. - format: date-time - type: string - name: - description: name is the name of the service account issuer - --- - type: string - type: object - type: array - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml deleted file mode 100644 index 735710f2e59..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml +++ /dev/null @@ -1,271 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: kubecontrollermanagers.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: KubeControllerManager - listKind: KubeControllerManagerList - plural: kubecontrollermanagers - singular: kubecontrollermanager - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "KubeControllerManager provides information to configure an operator - to manage kube-controller-manager. \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Kubernetes Controller Manager - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Force)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - useMoreSecureServiceCA: - default: false - description: useMoreSecureServiceCA indicates that the service-ca.crt - provided in SA token volumes should include only enough certificates - to validate service serving certificates. Once set to true, it cannot - be set to false. Even if someone finds a way to set it back to false, - the service-ca.crt files that previously existed will only have - the more secure content. - type: boolean - type: object - status: - description: status is the most recently observed status of the Kubernetes - Controller Manager - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. - items: - type: string - type: array - x-kubernetes-list-type: atomic - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - required: - - nodeName - type: object - type: array - x-kubernetes-list-map-keys: - - nodeName - x-kubernetes-list-type: map - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml deleted file mode 100644 index 28075e212e2..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml +++ /dev/null @@ -1,261 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: kubeschedulers.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: KubeScheduler - listKind: KubeSchedulerList - plural: kubeschedulers - singular: kubescheduler - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "KubeScheduler provides information to configure an operator - to manage scheduler. \n Compatibility level 1: Stable within a major release - for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Kubernetes Scheduler - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Force)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the Kubernetes - Scheduler - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. - items: - type: string - type: array - x-kubernetes-list-type: atomic - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - required: - - nodeName - type: object - type: array - x-kubernetes-list-map-keys: - - nodeName - x-kubernetes-list-type: map - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml deleted file mode 100644 index ffef1975d37..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml +++ /dev/null @@ -1,184 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: openshiftapiservers.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: OpenShiftAPIServer - listKind: OpenShiftAPIServerList - plural: openshiftapiservers - singular: openshiftapiserver - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "OpenShiftAPIServer provides information to configure an operator - to manage openshift-apiserver. \n Compatibility level 1: Stable within a - major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - OpenShift API Server. - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status defines the observed status of the OpenShift API Server. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - latestAvailableRevision: - description: latestAvailableRevision is the latest revision used as - suffix of revisioned secrets like encryption-config. A new revision - causes a new deployment of pods. - format: int32 - minimum: 0 - type: integer - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml deleted file mode 100644 index 12cbcb0225d..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml +++ /dev/null @@ -1,192 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/692 - api.openshift.io/merged-by-featuregates: "true" - capability.openshift.io/name: CloudCredential - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: cloudcredentials.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: CloudCredential - listKind: CloudCredentialList - plural: cloudcredentials - singular: cloudcredential - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "CloudCredential provides a means to configure an operator to - manage CredentialsRequests. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: CloudCredentialSpec is the specification of the desired behavior - of the cloud-credential-operator. - properties: - credentialsMode: - description: 'CredentialsMode allows informing CCO that it should - not attempt to dynamically determine the root cloud credentials - capabilities, and it should just run in the specified mode. It also - allows putting the operator into "manual" mode if desired. Leaving - the field in default mode runs CCO so that the cluster''s cloud - credentials will be dynamically probed for capabilities (on supported - clouds/platforms). Supported modes: AWS/Azure/GCP: "" (Default), - "Mint", "Passthrough", "Manual" Others: Do not set value as other - platforms only support running in "Passthrough"' - enum: - - "" - - Manual - - Mint - - Passthrough - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: CloudCredentialStatus defines the observed status of the - cloud-credential-operator. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml deleted file mode 100644 index e76f33eb193..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml +++ /dev/null @@ -1,172 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/503 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: kubestorageversionmigrators.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: KubeStorageVersionMigrator - listKind: KubeStorageVersionMigratorList - plural: kubestorageversionmigrators - singular: kubestorageversionmigrator - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "KubeStorageVersionMigrator provides information to configure - an operator to manage kube-storage-version-migrator. \n Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml deleted file mode 100644 index c102c4c03ec..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml +++ /dev/null @@ -1,181 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: authentications.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: Authentication - listKind: AuthenticationList - plural: authentications - singular: authentication - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Authentication provides information to configure an operator - to manage authentication. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - oauthAPIServer: - description: OAuthAPIServer holds status specific only to oauth-apiserver - properties: - latestAvailableRevision: - description: LatestAvailableRevision is the latest revision used - as suffix of revisioned secrets like encryption-config. A new - revision causes a new deployment of pods. - format: int32 - minimum: 0 - type: integer - type: object - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml deleted file mode 100644 index 6fddefcd7cb..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml +++ /dev/null @@ -1,174 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: openshiftcontrollermanagers.operator.openshift.io -spec: - group: operator.openshift.io - names: - categories: - - coreoperators - kind: OpenShiftControllerManager - listKind: OpenShiftControllerManagerList - plural: openshiftcontrollermanagers - singular: openshiftcontrollermanager - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "OpenShiftControllerManager provides information to configure - an operator to manage openshift-controller-manager. \n Compatibility level - 1: Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml deleted file mode 100644 index 52ba59ffb39..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml +++ /dev/null @@ -1,190 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/670 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: storages.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: Storage - listKind: StorageList - plural: storages - singular: storage - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Storage provides a means to configure an operator to manage - the cluster storage operator. `cluster` is the canonical name. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - vsphereStorageDriver: - description: 'VSphereStorageDriver indicates the storage driver to - use on VSphere clusters. Once this field is set to CSIWithMigrationDriver, - it can not be changed. If this is empty, the platform will choose - a good default, which may change over time without notice. The current - default is CSIWithMigrationDriver and may not be changed. DEPRECATED: - This field will be removed in a future release.' - enum: - - "" - - LegacyDeprecatedInTreeDriver - - CSIWithMigrationDriver - type: string - x-kubernetes-validations: - - message: VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver - rule: self != "LegacyDeprecatedInTreeDriver" - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml deleted file mode 100644 index b928dd0ccc9..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml +++ /dev/null @@ -1,2244 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/616 - api.openshift.io/merged-by-featuregates: "true" - capability.openshift.io/name: Ingress - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: ingresscontrollers.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: IngressController - listKind: IngressControllerList - plural: ingresscontrollers - singular: ingresscontroller - scope: Namespaced - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "IngressController describes a managed ingress controller for - the cluster. The controller can service OpenShift Route and Kubernetes Ingress - resources. \n When an IngressController is created, a new ingress controller - deployment is created to allow external traffic to reach the services that - expose Ingress or Route resources. Updating this resource may lead to disruption - for public facing network connections as a new ingress controller revision - may be rolled out. \n https://kubernetes.io/docs/concepts/services-networking/ingress-controllers - \n Whenever possible, sensible defaults for the platform are used. See each - field for more details. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - IngressController. - properties: - clientTLS: - description: clientTLS specifies settings for requesting and verifying - client certificates, which can be used to enable mutual TLS for - edge-terminated and reencrypt routes. - properties: - allowedSubjectPatterns: - description: allowedSubjectPatterns specifies a list of regular - expressions that should be matched against the distinguished - name on a valid client certificate to filter requests. The - regular expressions must use PCRE syntax. If this list is empty, - no filtering is performed. If the list is nonempty, then at - least one pattern must match a client certificate's distinguished - name or else the ingress controller rejects the certificate - and denies the connection. - items: - type: string - type: array - x-kubernetes-list-type: atomic - clientCA: - description: clientCA specifies a configmap containing the PEM-encoded - CA certificate bundle that should be used to verify a client's - certificate. The administrator must create this configmap in - the openshift-config namespace. - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - clientCertificatePolicy: - description: "clientCertificatePolicy specifies whether the ingress - controller requires clients to provide certificates. This field - accepts the values \"Required\" or \"Optional\". \n Note that - the ingress controller only checks client certificates for edge-terminated - and reencrypt TLS routes; it cannot check certificates for cleartext - HTTP or passthrough TLS routes." - enum: - - "" - - Required - - Optional - type: string - required: - - clientCA - - clientCertificatePolicy - type: object - defaultCertificate: - description: "defaultCertificate is a reference to a secret containing - the default certificate served by the ingress controller. When Routes - don't specify their own certificate, defaultCertificate is used. - \n The secret must contain the following keys and data: \n tls.crt: - certificate file contents tls.key: key file contents \n If unset, - a wildcard certificate is automatically generated and used. The - certificate is valid for the ingress controller domain (and subdomains) - and the generated certificate's CA will be automatically integrated - with the cluster's trust store. \n If a wildcard certificate is - used and shared by multiple HTTP/2 enabled routes (which implies - ALPN) then clients (i.e., notably browsers) are at liberty to reuse - open connections. This means a client can reuse a connection to - another route and that is likely to fail. This behaviour is generally - known as connection coalescing. \n The in-use certificate (whether - generated or user-specified) will be automatically integrated with - OpenShift's built-in OAuth server." - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - x-kubernetes-map-type: atomic - domain: - description: "domain is a DNS name serviced by the ingress controller - and is used to configure multiple features: \n * For the LoadBalancerService - endpoint publishing strategy, domain is used to configure DNS records. - See endpointPublishingStrategy. \n * When using a generated default - certificate, the certificate will be valid for domain and its subdomains. - See defaultCertificate. \n * The value is published to individual - Route statuses so that end-users know where to target external DNS - records. \n domain must be unique among all IngressControllers, - and cannot be updated. \n If empty, defaults to ingress.config.openshift.io/cluster - .spec.domain." - type: string - endpointPublishingStrategy: - description: "endpointPublishingStrategy is used to publish the ingress - controller endpoints to other networks, enable load balancer integrations, - etc. \n If unset, the default is based on infrastructure.config.openshift.io/cluster - .status.platform: \n AWS: LoadBalancerService (with External - scope) Azure: LoadBalancerService (with External scope) GCP: - \ LoadBalancerService (with External scope) IBMCloud: LoadBalancerService - (with External scope) AlibabaCloud: LoadBalancerService (with External - scope) Libvirt: HostNetwork \n Any other platform types (including - None) default to HostNetwork. \n endpointPublishingStrategy cannot - be updated." - properties: - hostNetwork: - description: hostNetwork holds parameters for the HostNetwork - endpoint publishing strategy. Present only if type is HostNetwork. - properties: - httpPort: - default: 80 - description: httpPort is the port on the host which should - be used to listen for HTTP requests. This field should be - set when port 80 is already in use. The value should not - coincide with the NodePort range of the cluster. When the - value is 0 or is not specified it defaults to 80. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - httpsPort: - default: 443 - description: httpsPort is the port on the host which should - be used to listen for HTTPS requests. This field should - be set when port 443 is already in use. The value should - not coincide with the NodePort range of the cluster. When - the value is 0 or is not specified it defaults to 443. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY - protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." - enum: - - "" - - TCP - - PROXY - type: string - statsPort: - default: 1936 - description: statsPort is the port on the host where the stats - from the router are published. The value should not coincide - with the NodePort range of the cluster. If an external load - balancer is configured to forward connections to this IngressController, - the load balancer should use this port for health checks. - The load balancer can send HTTP probes on this port on a - given node, with the path /healthz/ready to determine if - the ingress controller is ready to receive traffic on the - node. For proper operation the load balancer must not forward - traffic to a node until the health check reports ready. - The load balancer should also stop forwarding requests within - a maximum of 45 seconds after /healthz/ready starts reporting - not-ready. Probing every 5 to 10 seconds, with a 5-second - timeout and with a threshold of two successful or failed - requests to become healthy or unhealthy respectively, are - well-tested values. When the value is 0 or is not specified - it defaults to 1936. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - type: object - loadBalancer: - description: loadBalancer holds parameters for the load balancer. - Present only if type is LoadBalancerService. - properties: - allowedSourceRanges: - description: "allowedSourceRanges specifies an allowlist of - IP address ranges to which access to the load balancer should - be restricted. Each range must be specified using CIDR - notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range - is specified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 - are used by default, which allows all source addresses. - \n To facilitate migration from earlier versions of OpenShift - that did not have the allowedSourceRanges field, you may - set the service.beta.kubernetes.io/load-balancer-source-ranges - annotation on the \"router-\" service - in the \"openshift-ingress\" namespace, and this annotation - will take effect if allowedSourceRanges is empty on OpenShift - 4.12." - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - nullable: true - type: array - dnsManagementPolicy: - default: Managed - description: 'dnsManagementPolicy indicates if the lifecycle - of the wildcard DNS record associated with the load balancer - service will be managed by the ingress operator. It defaults - to Managed. Valid values are: Managed and Unmanaged.' - enum: - - Managed - - Unmanaged - type: string - providerParameters: - description: "providerParameters holds desired load balancer - information specific to the underlying infrastructure provider. - \n If empty, defaults will be applied. See specific providerParameters - fields for details about their defaults." - properties: - aws: - description: "aws provides configuration settings that - are specific to AWS load balancers. \n If empty, defaults - will be applied. See specific aws fields for details - about their defaults." - properties: - classicLoadBalancer: - description: classicLoadBalancerParameters holds configuration - parameters for an AWS classic load balancer. Present - only if type is Classic. - properties: - connectionIdleTimeout: - description: connectionIdleTimeout specifies the - maximum time period that a connection may be - idle before the load balancer closes the connection. The - value must be parseable as a time duration value; - see . A - nil or zero value means no opinion, in which - case a default value is used. The default value - for this field is 60s. This default is subject - to change. - format: duration - type: string - type: object - networkLoadBalancer: - description: networkLoadBalancerParameters holds configuration - parameters for an AWS network load balancer. Present - only if type is NLB. - type: object - type: - description: "type is the type of AWS load balancer - to instantiate for an ingresscontroller. \n Valid - values are: \n * \"Classic\": A Classic Load Balancer - that makes routing decisions at either the transport - layer (TCP/SSL) or the application layer (HTTP/HTTPS). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - \n * \"NLB\": A Network Load Balancer that makes - routing decisions at the transport layer (TCP/SSL). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" - enum: - - Classic - - NLB - type: string - required: - - type - type: object - gcp: - description: "gcp provides configuration settings that - are specific to GCP load balancers. \n If empty, defaults - will be applied. See specific gcp fields for details - about their defaults." - properties: - clientAccess: - description: "clientAccess describes how client access - is restricted for internal load balancers. \n Valid - values are: * \"Global\": Specifying an internal - load balancer with Global client access allows clients - from any region within the VPC to communicate with - the load balancer. \n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access - \n * \"Local\": Specifying an internal load balancer - with Local client access means only clients within - the same region (and VPC) as the GCP load balancer - can communicate with the load balancer. Note that - this is the default behavior. \n https://cloud.google.com/load-balancing/docs/internal#client_access" - enum: - - Global - - Local - type: string - type: object - ibm: - description: "ibm provides configuration settings that - are specific to IBM Cloud load balancers. \n If empty, - defaults will be applied. See specific ibm fields for - details about their defaults." - properties: - protocol: - description: "protocol specifies whether the load - balancer uses PROXY protocol to forward connections - to the IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: - \"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\" - \n PROXY protocol can be used with load balancers - that support it to communicate the source addresses - of client connections when forwarding those connections - to the IngressController. Using PROXY protocol - enables the IngressController to report those source - addresses instead of reporting the load balancer's - address in HTTP headers and logs. Note that enabling - PROXY protocol on the IngressController will cause - connections to fail if you are not using a load - balancer that uses PROXY protocol to forward connections - to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n Valid values - for protocol are TCP, PROXY and omitted. When omitted, - this means no opinion and the platform is left to - choose a reasonable default, which is subject to - change over time. The current default is TCP, without - the proxy protocol enabled." - enum: - - "" - - TCP - - PROXY - type: string - type: object - type: - description: type is the underlying infrastructure provider - for the load balancer. Allowed values are "AWS", "Azure", - "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and - "VSphere". - enum: - - AWS - - Azure - - BareMetal - - GCP - - Nutanix - - OpenStack - - VSphere - - IBM - type: string - required: - - type - type: object - scope: - description: scope indicates the scope at which the load balancer - is exposed. Possible values are "External" and "Internal". - enum: - - Internal - - External - type: string - required: - - dnsManagementPolicy - - scope - type: object - nodePort: - description: nodePort holds parameters for the NodePortService - endpoint publishing strategy. Present only if type is NodePortService. - properties: - protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY - protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." - enum: - - "" - - TCP - - PROXY - type: string - type: object - private: - description: private holds parameters for the Private endpoint - publishing strategy. Present only if type is Private. - properties: - protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY - protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." - enum: - - "" - - TCP - - PROXY - type: string - type: object - type: - description: "type is the publishing strategy to use. Valid values - are: \n * LoadBalancerService \n Publishes the ingress controller - using a Kubernetes LoadBalancer Service. \n In this configuration, - the ingress controller deployment uses container networking. - A LoadBalancer Service is created to publish the deployment. - \n See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - \n If domain is set, a wildcard DNS record will be managed to - point at the LoadBalancer Service's external name. DNS records - are managed only in DNS zones defined by dns.config.openshift.io/cluster - .spec.publicZone and .spec.privateZone. \n Wildcard DNS management - is currently supported only on the AWS, Azure, and GCP platforms. - \n * HostNetwork \n Publishes the ingress controller on node - ports where the ingress controller is deployed. \n In this configuration, - the ingress controller deployment uses host networking, bound - to node ports 80 and 443. The user is responsible for configuring - an external load balancer to publish the ingress controller - via the node ports. \n * Private \n Does not publish the ingress - controller. \n In this configuration, the ingress controller - deployment uses container networking, and is not explicitly - published. The user must manually publish the ingress controller. - \n * NodePortService \n Publishes the ingress controller using - a Kubernetes NodePort Service. \n In this configuration, the - ingress controller deployment uses container networking. A NodePort - Service is created to publish the deployment. The specific node - ports are dynamically allocated by OpenShift; however, to support - static port allocations, user changes to the node port field - of the managed NodePort Service will preserved." - enum: - - LoadBalancerService - - HostNetwork - - Private - - NodePortService - type: string - required: - - type - type: object - httpCompression: - description: httpCompression defines a policy for HTTP traffic compression. - By default, there is no HTTP compression. - properties: - mimeTypes: - description: "mimeTypes is a list of MIME types that should have - compression applied. This list can be empty, in which case the - ingress controller does not apply compression. \n Note: Not - all MIME types benefit from compression, but HAProxy will still - use resources to try to compress if instructed to. Generally - speaking, text (html, css, js, etc.) formats benefit from compression, - but formats that are already compressed (image, audio, video, - etc.) benefit little in exchange for the time and cpu spent - on compressing again. See https://joehonton.medium.com/the-gzip-penalty-d31bd697f1a2" - items: - description: "CompressionMIMEType defines the format of a single - MIME type. E.g. \"text/css; charset=utf-8\", \"text/html\", - \"text/*\", \"image/svg+xml\", \"application/octet-stream\", - \"X-custom/customsub\", etc. \n The format should follow the - Content-Type definition in RFC 1341: Content-Type := type - \"/\" subtype *[\";\" parameter] - The type in Content-Type - can be one of: application, audio, image, message, multipart, - text, video, or a custom type preceded by \"X-\" and followed - by a token as defined below. - The token is a string of at - least one character, and not containing white space, control - characters, or any of the characters in the tspecials set. - - The tspecials set contains the characters ()<>@,;:\\\"/[]?.= - - The subtype in Content-Type is also a token. - The optional - parameter/s following the subtype are defined as: token \"=\" - (token / quoted-string) - The quoted-string, as defined in - RFC 822, is surrounded by double quotes and can contain white - space plus any character EXCEPT \\, \", and CR. It can also - contain any single ASCII character as long as it is escaped - by \\." - pattern: ^(?i)(x-[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|application|audio|image|message|multipart|text|video)/[^][ - ()\\<>@,;:"/?.=\x00-\x1F\x7F]+(; *[^][ ()\\<>@,;:"/?.=\x00-\x1F\x7F]+=([^][ - ()\\<>@,;:"/?.=\x00-\x1F\x7F]+|"(\\[\x00-\x7F]|[^\x0D"\\])*"))*$ - type: string - type: array - x-kubernetes-list-type: set - type: object - httpEmptyRequestsPolicy: - default: Respond - description: "httpEmptyRequestsPolicy describes how HTTP connections - should be handled if the connection times out before a request is - received. Allowed values for this field are \"Respond\" and \"Ignore\". - \ If the field is set to \"Respond\", the ingress controller sends - an HTTP 400 or 408 response, logs the connection (if access logging - is enabled), and counts the connection in the appropriate metrics. - \ If the field is set to \"Ignore\", the ingress controller closes - the connection without sending a response, logging the connection, - or incrementing metrics. The default value is \"Respond\". \n Typically, - these connections come from load balancers' health probes or Web - browsers' speculative connections (\"preconnect\") and can be safely - ignored. However, these requests may also be caused by network - errors, and so setting this field to \"Ignore\" may impede detection - and diagnosis of problems. In addition, these requests may be caused - by port scans, in which case logging empty requests may aid in detecting - intrusion attempts." - enum: - - Respond - - Ignore - type: string - httpErrorCodePages: - description: httpErrorCodePages specifies a configmap with custom - error pages. The administrator must create this configmap in the - openshift-config namespace. This configmap should have keys in the - format "error-page-.http", where is an - HTTP error code. For example, "error-page-503.http" defines an error - page for HTTP 503 responses. Currently only error pages for 503 - and 404 responses can be customized. Each value in the configmap - should be the full response, including HTTP headers. Eg- https://raw.githubusercontent.com/openshift/router/fadab45747a9b30cc3f0a4b41ad2871f95827a93/images/router/haproxy/conf/error-page-503.http - If this field is empty, the ingress controller uses the default - error pages. - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - required: - - name - type: object - httpHeaders: - description: "httpHeaders defines policy for HTTP headers. \n If this - field is empty, the default values are used." - properties: - actions: - description: 'actions specifies options for modifying headers - and their values. Note that this option only applies to cleartext - HTTP connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). Headers cannot be modified for TLS - passthrough connections. Setting the HSTS (`Strict-Transport-Security`) - header is not supported via actions. `Strict-Transport-Security` - may only be configured using the "haproxy.router.openshift.io/hsts_header" - route annotation, and only in accordance with the policy specified - in Ingress.Spec.RequiredHSTSPolicies. Any actions defined here - are applied after any actions related to the following other - fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, - spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. - In case of HTTP request headers, the actions specified in spec.httpHeaders.actions - on the Route will be executed after the actions specified in - the IngressController''s spec.httpHeaders.actions field. In - case of HTTP response headers, the actions specified in spec.httpHeaders.actions - on the IngressController will be executed after the actions - specified in the Route''s spec.httpHeaders.actions field. Headers - set using this API cannot be captured for use in access logs. - The following header names are reserved and may not be modified - via this API: Strict-Transport-Security, Proxy, Host, Cookie, - Set-Cookie. Note that the total size of all net added headers - *after* interpolating dynamic values must not exceed the value - of spec.tuningOptions.headerBufferMaxRewriteBytes on the IngressController. - Please refer to the documentation for that API field for more - details.' - properties: - request: - description: 'request is a list of HTTP request headers to - modify. Actions defined here will modify the request headers - of all requests passing through an ingress controller. These - actions are applied to all Routes i.e. for all connections - handled by the ingress controller defined within a cluster. - IngressController actions for request headers will be executed - before Route actions. Currently, actions may define to either - `Set` or `Delete` headers values. Actions are applied in - sequence as defined in this list. A maximum of 20 request - header actions may be configured. Sample fetchers allowed - are "req.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[req.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]".' - items: - description: IngressControllerHTTPHeader specifies configuration - for setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: set specifies how the HTTP header should - be set. This field is required when type is Set - and forbidden otherwise. - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and - may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Host, Cookie, Set-Cookie. It must be no more - than 255 characters in length. Header name must be - unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: host header may not be modified via header - actions - rule: self.lowerAscii() != 'host' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are req.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - response: - description: 'response is a list of HTTP response headers - to modify. Actions defined here will modify the response - headers of all requests passing through an ingress controller. - These actions are applied to all Routes i.e. for all connections - handled by the ingress controller defined within a cluster. - IngressController actions for response headers will be executed - after Route actions. Currently, actions may define to either - `Set` or `Delete` headers values. Actions are applied in - sequence as defined in this list. A maximum of 20 response - header actions may be configured. Sample fetchers allowed - are "res.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[res.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]".' - items: - description: IngressControllerHTTPHeader specifies configuration - for setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: set specifies how the HTTP header should - be set. This field is required when type is Set - and forbidden otherwise. - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and - may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Host, Cookie, Set-Cookie. It must be no more - than 255 characters in length. Header name must be - unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: host header may not be modified via header - actions - rule: self.lowerAscii() != 'host' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are res.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - type: object - forwardedHeaderPolicy: - description: "forwardedHeaderPolicy specifies when and how the - IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, - X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version - HTTP headers. The value may be one of the following: \n * \"Append\", - which specifies that the IngressController appends the headers, - preserving existing headers. \n * \"Replace\", which specifies - that the IngressController sets the headers, replacing any existing - Forwarded or X-Forwarded-* headers. \n * \"IfNone\", which specifies - that the IngressController sets the headers if they are not - already set. \n * \"Never\", which specifies that the IngressController - never sets the headers, preserving any existing headers. \n - By default, the policy is \"Append\"." - enum: - - Append - - Replace - - IfNone - - Never - type: string - headerNameCaseAdjustments: - description: "headerNameCaseAdjustments specifies case adjustments - that can be applied to HTTP header names. Each adjustment is - specified as an HTTP header name with the desired capitalization. - \ For example, specifying \"X-Forwarded-For\" indicates that - the \"x-forwarded-for\" HTTP header should be adjusted to have - the specified capitalization. \n These adjustments are only - applied to cleartext, edge-terminated, and re-encrypt routes, - and only when using HTTP/1. \n For request headers, these adjustments - are applied only for routes that have the haproxy.router.openshift.io/h1-adjust-case=true - annotation. For response headers, these adjustments are applied - to all HTTP responses. \n If this field is empty, no request - headers are adjusted." - items: - description: IngressControllerHTTPHeaderNameCaseAdjustment is - the name of an HTTP header (for example, "X-Forwarded-For") - in the desired capitalization. The value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - maxLength: 1024 - minLength: 0 - pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - nullable: true - type: array - uniqueId: - description: "uniqueId describes configuration for a custom HTTP - header that the ingress controller should inject into incoming - HTTP requests. Typically, this header is configured to have - a value that is unique to the HTTP request. The header can - be used by applications or included in access logs to facilitate - tracing individual HTTP requests. \n If this field is empty, - no such header is injected into requests." - properties: - format: - description: 'format specifies the format for the injected - HTTP header''s value. This field has no effect unless name - is specified. For the HAProxy-based ingress controller - implementation, this format uses the same syntax as the - HTTP log format. If the field is empty, the default value - is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the corresponding - HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3' - maxLength: 1024 - minLength: 0 - pattern: ^(%(%|(\{[-+]?[QXE](,[-+]?[QXE])*\})?([A-Za-z]+|\[[.0-9A-Z_a-z]+(\([^)]+\))?(,[.0-9A-Z_a-z]+(\([^)]+\))?)*\]))|[^%[:cntrl:]])*$ - type: string - name: - description: name specifies the name of the HTTP header (for - example, "unique-id") that the ingress controller should - inject into HTTP requests. The field's value must be a - valid HTTP header name as defined in RFC 2616 section 4.2. If - the field is empty, no header is injected. - maxLength: 1024 - minLength: 0 - pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - type: object - type: object - logging: - description: logging defines parameters for what should be logged - where. If this field is empty, operational logs are enabled but - access logs are disabled. - properties: - access: - description: "access describes how the client requests should - be logged. \n If this field is empty, access logging is disabled." - properties: - destination: - description: destination is where access logs go. - properties: - container: - description: container holds parameters for the Container - logging destination. Present only if type is Container. - properties: - maxLength: - default: 1024 - description: "maxLength is the maximum length of the - log message. \n Valid values are integers in the - range 480 to 8192, inclusive. \n When omitted, the - default value is 1024." - format: int32 - maximum: 8192 - minimum: 480 - type: integer - type: object - syslog: - description: syslog holds parameters for a syslog endpoint. Present - only if type is Syslog. - oneOf: - - properties: - address: - format: ipv4 - - properties: - address: - format: ipv6 - properties: - address: - description: address is the IP address of the syslog - endpoint that receives log messages. - type: string - facility: - description: "facility specifies the syslog facility - of log messages. \n If this field is empty, the - facility is \"local1\"." - enum: - - kern - - user - - mail - - daemon - - auth - - syslog - - lpr - - news - - uucp - - cron - - auth2 - - ftp - - ntp - - audit - - alert - - cron2 - - local0 - - local1 - - local2 - - local3 - - local4 - - local5 - - local6 - - local7 - type: string - maxLength: - default: 1024 - description: "maxLength is the maximum length of the - log message. \n Valid values are integers in the - range 480 to 4096, inclusive. \n When omitted, the - default value is 1024." - format: int32 - maximum: 4096 - minimum: 480 - type: integer - port: - description: port is the UDP port number of the syslog - endpoint that receives log messages. - format: int32 - maximum: 65535 - minimum: 1 - type: integer - required: - - address - - port - type: object - type: - description: "type is the type of destination for logs. - \ It must be one of the following: \n * Container \n - The ingress operator configures the sidecar container - named \"logs\" on the ingress controller pod and configures - the ingress controller to write logs to the sidecar. - \ The logs are then available as container logs. The - expectation is that the administrator configures a custom - logging solution that reads logs from this sidecar. - \ Note that using container logs means that logs may - be dropped if the rate of logs exceeds the container - runtime's or the custom logging solution's capacity. - \n * Syslog \n Logs are sent to a syslog endpoint. The - administrator must specify an endpoint that can receive - syslog messages. The expectation is that the administrator - has configured a custom syslog instance." - enum: - - Container - - Syslog - type: string - required: - - type - type: object - httpCaptureCookies: - description: httpCaptureCookies specifies HTTP cookies that - should be captured in access logs. If this field is empty, - no cookies are captured. - items: - description: IngressControllerCaptureHTTPCookie describes - an HTTP cookie that should be captured. - properties: - matchType: - description: matchType specifies the type of match to - be performed on the cookie name. Allowed values are - "Exact" for an exact string match and "Prefix" for - a string prefix match. If "Exact" is specified, a - name must be specified in the name field. If "Prefix" - is provided, a prefix must be specified in the namePrefix - field. For example, specifying matchType "Prefix" - and namePrefix "foo" will capture a cookie named "foo" - or "foobar" but not one named "bar". The first matching - cookie is captured. - enum: - - Exact - - Prefix - type: string - maxLength: - description: maxLength specifies a maximum length of - the string that will be logged, which includes the - cookie name, cookie value, and one-character delimiter. If - the log entry exceeds this length, the value will - be truncated in the log message. Note that the ingress - controller may impose a separate bound on the total - length of HTTP headers in a request. - maximum: 1024 - minimum: 1 - type: integer - name: - description: name specifies a cookie name. Its value - must be a valid HTTP cookie name as defined in RFC - 6265 section 4.1. - maxLength: 1024 - minLength: 0 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ - type: string - namePrefix: - description: namePrefix specifies a cookie name prefix. Its - value must be a valid HTTP cookie name as defined - in RFC 6265 section 4.1. - maxLength: 1024 - minLength: 0 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ - type: string - required: - - matchType - - maxLength - type: object - maxItems: 1 - nullable: true - type: array - httpCaptureHeaders: - description: "httpCaptureHeaders defines HTTP headers that - should be captured in access logs. If this field is empty, - no headers are captured. \n Note that this option only applies - to cleartext HTTP connections and to secure HTTP connections - for which the ingress controller terminates encryption (that - is, edge-terminated or reencrypt connections). Headers - cannot be captured for TLS passthrough connections." - properties: - request: - description: "request specifies which HTTP request headers - to capture. \n If this field is empty, no request headers - are captured." - items: - description: IngressControllerCaptureHTTPHeader describes - an HTTP header that should be captured. - properties: - maxLength: - description: maxLength specifies a maximum length - for the header value. If a header value exceeds - this length, the value will be truncated in the - log message. Note that the ingress controller - may impose a separate bound on the total length - of HTTP headers in a request. - minimum: 1 - type: integer - name: - description: name specifies a header name. Its - value must be a valid HTTP header name as defined - in RFC 2616 section 4.2. - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - required: - - maxLength - - name - type: object - nullable: true - type: array - response: - description: "response specifies which HTTP response headers - to capture. \n If this field is empty, no response headers - are captured." - items: - description: IngressControllerCaptureHTTPHeader describes - an HTTP header that should be captured. - properties: - maxLength: - description: maxLength specifies a maximum length - for the header value. If a header value exceeds - this length, the value will be truncated in the - log message. Note that the ingress controller - may impose a separate bound on the total length - of HTTP headers in a request. - minimum: 1 - type: integer - name: - description: name specifies a header name. Its - value must be a valid HTTP header name as defined - in RFC 2616 section 4.2. - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - required: - - maxLength - - name - type: object - nullable: true - type: array - type: object - httpLogFormat: - description: "httpLogFormat specifies the format of the log - message for an HTTP request. \n If this field is empty, - log messages use the implementation's default HTTP log format. - \ For HAProxy's default HTTP log format, see the HAProxy - documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 - \n Note that this format only applies to cleartext HTTP - connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). It does not affect the log format - for TLS passthrough connections." - type: string - logEmptyRequests: - default: Log - description: logEmptyRequests specifies how connections on - which no request is received should be logged. Typically, - these empty requests come from load balancers' health probes - or Web browsers' speculative connections ("preconnect"), - in which case logging these requests may be undesirable. However, - these requests may also be caused by network errors, in - which case logging empty requests may be useful for diagnosing - the errors. In addition, these requests may be caused by - port scans, in which case logging empty requests may aid - in detecting intrusion attempts. Allowed values for this - field are "Log" and "Ignore". The default value is "Log". - enum: - - Log - - Ignore - type: string - required: - - destination - type: object - type: object - namespaceSelector: - description: "namespaceSelector is used to filter the set of namespaces - serviced by the ingress controller. This is useful for implementing - shards. \n If unset, the default is no filtering." - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - nodePlacement: - description: "nodePlacement enables explicit control over the scheduling - of the ingress controller. \n If unset, defaults are used. See NodePlacement - for more details." - properties: - nodeSelector: - description: "nodeSelector is the node selector applied to ingress - controller deployments. \n If set, the specified selector is - used and replaces the default. \n If unset, the default depends - on the value of the defaultPlacement field in the cluster config.openshift.io/v1/ingresses - status. \n When defaultPlacement is Workers, the default is: - \n kubernetes.io/os: linux node-role.kubernetes.io/worker: '' - \n When defaultPlacement is ControlPlane, the default is: \n - kubernetes.io/os: linux node-role.kubernetes.io/master: '' \n - These defaults are subject to change. \n Note that using nodeSelector.matchExpressions - is not supported. Only nodeSelector.matchLabels may be used. - \ This is a limitation of the Kubernetes API: the pod spec does - not allow complex expressions for node selectors." - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that relates - the key and values. - properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, - Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. If - the operator is In or NotIn, the values array must - be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced - during a strategic merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A - single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field is "key", - the operator is "In", and the values array contains only - "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - tolerations: - description: "tolerations is a list of tolerations applied to - ingress controller deployments. \n The default is an empty list. - \n See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/" - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - replicas: - description: "replicas is the desired number of ingress controller - replicas. If unset, the default depends on the value of the defaultPlacement - field in the cluster config.openshift.io/v1/ingresses status. \n - The value of replicas is set based on the value of a chosen field - in the Infrastructure CR. If defaultPlacement is set to ControlPlane, - the chosen field will be controlPlaneTopology. If it is set to Workers - the chosen field will be infrastructureTopology. Replicas will then - be set to 1 or 2 based whether the chosen field's value is SingleReplica - or HighlyAvailable, respectively. \n These defaults are subject - to change." - format: int32 - type: integer - routeAdmission: - description: "routeAdmission defines a policy for handling new route - claims (for example, to allow or deny claims across namespaces). - \n If empty, defaults will be applied. See specific routeAdmission - fields for details about their defaults." - properties: - namespaceOwnership: - description: "namespaceOwnership describes how host name claims - across namespaces should be handled. \n Value must be one of: - \n - Strict: Do not allow routes in different namespaces to - claim the same host. \n - InterNamespaceAllowed: Allow routes - to claim different paths of the same host name across namespaces. - \n If empty, the default is Strict." - enum: - - InterNamespaceAllowed - - Strict - type: string - wildcardPolicy: - description: "wildcardPolicy describes how routes with wildcard - policies should be handled for the ingress controller. WildcardPolicy - controls use of routes [1] exposed by the ingress controller - based on the route's wildcard policy. \n [1] https://github.com/openshift/api/blob/master/route/v1/types.go - \n Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed - will cause admitted routes with a wildcard policy of Subdomain - to stop working. These routes must be updated to a wildcard - policy of None to be readmitted by the ingress controller. \n - WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed - values. \n If empty, defaults to \"WildcardsDisallowed\"." - enum: - - WildcardsAllowed - - WildcardsDisallowed - type: string - type: object - routeSelector: - description: "routeSelector is used to filter the set of Routes serviced - by the ingress controller. This is useful for implementing shards. - \n If unset, the default is no filtering." - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections - for ingresscontrollers. \n If unset, the default is based on the - apiservers.config.openshift.io/cluster resource. \n Note that when - using the Old, Intermediate, and Modern profile types, the effective - profile configuration is subject to change between releases. For - example, given a specification to use the Intermediate profile deployed - on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new - profile configuration to be applied to the ingress controller, resulting - in a rollout." - properties: - custom: - description: "custom is a user-defined TLS security profile. Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. An example custom profile looks like this: - \n ciphers: \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - ECDHE-RSA-AES128-GCM-SHA256 \n - ECDHE-ECDSA-AES128-GCM-SHA256 - \n minTLSVersion: VersionTLS11" - nullable: true - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators - may remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - items: - type: string - type: array - minTLSVersion: - description: "minTLSVersion is used to specify the minimal - version of the TLS protocol that is negotiated during the - TLS handshake. For example, to use TLS versions 1.1, 1.2 - and 1.3 (yaml): \n minTLSVersion: VersionTLS11 \n NOTE: - currently the highest minTLSVersion allowed is VersionTLS12" - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: "intermediate is a TLS security profile based on: - \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n - ECDHE-ECDSA-AES128-GCM-SHA256 \n - ECDHE-RSA-AES128-GCM-SHA256 - \n - ECDHE-ECDSA-AES256-GCM-SHA384 \n - ECDHE-RSA-AES256-GCM-SHA384 - \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - DHE-RSA-AES128-GCM-SHA256 \n - DHE-RSA-AES256-GCM-SHA384 - \n minTLSVersion: VersionTLS12" - nullable: true - type: object - modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n minTLSVersion: VersionTLS13" - nullable: true - type: object - old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: \n - TLS_AES_128_GCM_SHA256 - \n - TLS_AES_256_GCM_SHA384 \n - TLS_CHACHA20_POLY1305_SHA256 - \n - ECDHE-ECDSA-AES128-GCM-SHA256 \n - ECDHE-RSA-AES128-GCM-SHA256 - \n - ECDHE-ECDSA-AES256-GCM-SHA384 \n - ECDHE-RSA-AES256-GCM-SHA384 - \n - ECDHE-ECDSA-CHACHA20-POLY1305 \n - ECDHE-RSA-CHACHA20-POLY1305 - \n - DHE-RSA-AES128-GCM-SHA256 \n - DHE-RSA-AES256-GCM-SHA384 - \n - DHE-RSA-CHACHA20-POLY1305 \n - ECDHE-ECDSA-AES128-SHA256 - \n - ECDHE-RSA-AES128-SHA256 \n - ECDHE-ECDSA-AES128-SHA \n - - ECDHE-RSA-AES128-SHA \n - ECDHE-ECDSA-AES256-SHA384 \n - ECDHE-RSA-AES256-SHA384 - \n - ECDHE-ECDSA-AES256-SHA \n - ECDHE-RSA-AES256-SHA \n - DHE-RSA-AES128-SHA256 - \n - DHE-RSA-AES256-SHA256 \n - AES128-GCM-SHA256 \n - AES256-GCM-SHA384 - \n - AES128-SHA256 \n - AES256-SHA256 \n - AES128-SHA \n - AES256-SHA - \n - DES-CBC3-SHA \n minTLSVersion: VersionTLS10" - nullable: true - type: object - type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found - to be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." - enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - tuningOptions: - anyOf: - - properties: - maxConnections: - enum: - - -1 - - 0 - - properties: - maxConnections: - format: int32 - maximum: 2000000 - minimum: 2000 - description: "tuningOptions defines parameters for adjusting the performance - of ingress controller pods. All fields are optional and will use - their respective defaults if not set. See specific tuningOptions - fields for more details. \n Setting fields within tuningOptions - is generally not recommended. The default values are suitable for - most configurations." - properties: - clientFinTimeout: - description: "clientFinTimeout defines how long a connection will - be held open while waiting for the client response to the server/backend - closing the connection. \n If unset, the default timeout is - 1s" - format: duration - type: string - clientTimeout: - description: "clientTimeout defines how long a connection will - be held open while waiting for a client response. \n If unset, - the default timeout is 30s" - format: duration - type: string - headerBufferBytes: - description: "headerBufferBytes describes how much memory should - be reserved (in bytes) for IngressController connection sessions. - Note that this value must be at least 16384 if HTTP/2 is enabled - for the IngressController (https://tools.ietf.org/html/rfc7540). - If this field is empty, the IngressController will use a default - value of 32768 bytes. \n Setting this field is generally not - recommended as headerBufferBytes values that are too small may - break the IngressController and headerBufferBytes values that - are too large could cause the IngressController to use significantly - more memory than necessary." - format: int32 - minimum: 16384 - type: integer - headerBufferMaxRewriteBytes: - description: "headerBufferMaxRewriteBytes describes how much memory - should be reserved (in bytes) from headerBufferBytes for HTTP - header rewriting and appending for IngressController connection - sessions. Note that incoming HTTP requests will be limited to - (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning - headerBufferBytes must be greater than headerBufferMaxRewriteBytes. - If this field is empty, the IngressController will use a default - value of 8192 bytes. \n Setting this field is generally not - recommended as headerBufferMaxRewriteBytes values that are too - small may break the IngressController and headerBufferMaxRewriteBytes - values that are too large could cause the IngressController - to use significantly more memory than necessary." - format: int32 - minimum: 4096 - type: integer - healthCheckInterval: - description: "healthCheckInterval defines how long the router - waits between two consecutive health checks on its configured - backends. This value is applied globally as a default for all - routes, but may be overridden per-route by the route annotation - \"router.openshift.io/haproxy.health.check.interval\". \n Expects - an unsigned duration string of decimal numbers, each with optional - fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". - Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" - U+03BC), \"ms\", \"s\", \"m\", \"h\". \n Setting this to less - than 5s can cause excess traffic due to too frequent TCP health - checks and accompanying SYN packet storms. Alternatively, setting - this too high can result in increased latency, due to backend - servers that are no longer available, but haven't yet been detected - as such. \n An empty or zero healthCheckInterval means no opinion - and IngressController chooses a default, which is subject to - change over time. Currently the default healthCheckInterval - value is 5s. \n Currently the minimum allowed value is 1s and - the maximum allowed value is 2147483647ms (24.85 days). Both - are subject to change over time." - pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ - type: string - maxConnections: - description: "maxConnections defines the maximum number of simultaneous - connections that can be established per HAProxy process. Increasing - this value allows each ingress controller pod to handle more - connections but at the cost of additional system resources being - consumed. \n Permitted values are: empty, 0, -1, and the range - 2000-2000000. \n If this field is empty or 0, the IngressController - will use the default value of 50000, but the default is subject - to change in future releases. \n If the value is -1 then HAProxy - will dynamically compute a maximum value based on the available - ulimits in the running container. Selecting -1 (i.e., auto) - will result in a large value being computed (~520000 on OpenShift - >=4.10 clusters) and therefore each HAProxy process will incur - significant memory usage compared to the current default of - 50000. \n Setting a value that is greater than the current operating - system limit will prevent the HAProxy process from starting. - \n If you choose a discrete value (e.g., 750000) and the router - pod is migrated to a new node, there's no guarantee that that - new node has identical ulimits configured. In such a scenario - the pod would fail to start. If you have nodes with different - ulimits configured (e.g., different tuned profiles) and you - choose a discrete value then the guidance is to use -1 and let - the value be computed dynamically at runtime. \n You can monitor - memory usage for router containers with the following metric: - 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'. - \n You can monitor memory usage of individual HAProxy processes - in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'." - format: int32 - type: integer - reloadInterval: - description: "reloadInterval defines the minimum interval at which - the router is allowed to reload to accept new changes. Increasing - this value can prevent the accumulation of HAProxy processes, - depending on the scenario. Increasing this interval can also - lessen load imbalance on a backend's servers when using the - roundrobin balancing algorithm. Alternatively, decreasing this - value may decrease latency since updates to HAProxy's configuration - can take effect more quickly. \n The value must be a time duration - value; see . Currently, - the minimum value allowed is 1s, and the maximum allowed value - is 120s. Minimum and maximum allowed values may change in future - versions of OpenShift. Note that if a duration outside of these - bounds is provided, the value of reloadInterval will be capped/floored - and not rejected (e.g. a duration of over 120s will be capped - to 120s; the IngressController will not reject and replace this - disallowed value with the default). \n A zero value for reloadInterval - tells the IngressController to choose the default, which is - currently 5s and subject to change without notice. \n This field - expects an unsigned duration string of decimal numbers, each - with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" - or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" - U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\". \n Note: - Setting a value significantly larger than the default of 5s - can cause latency in observing updates to routes and their endpoints. - HAProxy's configuration will be reloaded less frequently, and - newly created routes will not be served until the subsequent - reload." - pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ - type: string - serverFinTimeout: - description: "serverFinTimeout defines how long a connection will - be held open while waiting for the server/backend response to - the client closing the connection. \n If unset, the default - timeout is 1s" - format: duration - type: string - serverTimeout: - description: "serverTimeout defines how long a connection will - be held open while waiting for a server/backend response. \n - If unset, the default timeout is 30s" - format: duration - type: string - threadCount: - description: "threadCount defines the number of threads created - per HAProxy process. Creating more threads allows each ingress - controller pod to handle more connections, at the cost of more - system resources being used. HAProxy currently supports up to - 64 threads. If this field is empty, the IngressController will - use the default value. The current default is 4 threads, but - this may change in future releases. \n Setting this field is - generally not recommended. Increasing the number of HAProxy - threads allows ingress controller pods to utilize more CPU time - under load, potentially starving other pods if set too high. - Reducing the number of threads may cause the ingress controller - to perform poorly." - format: int32 - maximum: 64 - minimum: 1 - type: integer - tlsInspectDelay: - description: "tlsInspectDelay defines how long the router can - hold data to find a matching route. \n Setting this too short - can cause the router to fall back to the default certificate - for edge-terminated or reencrypt routes even when a better matching - certificate could be used. \n If unset, the default inspect - delay is 5s" - format: duration - type: string - tunnelTimeout: - description: "tunnelTimeout defines how long a tunnel connection - (including websockets) will be held open while the tunnel is - idle. \n If unset, the default timeout is 1h" - format: duration - type: string - type: object - unsupportedConfigOverrides: - description: unsupportedConfigOverrides allows specifying unsupported - configuration options. Its use is unsupported. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the IngressController. - properties: - availableReplicas: - description: availableReplicas is number of observed available replicas - according to the ingress controller deployment. - format: int32 - type: integer - conditions: - description: "conditions is a list of conditions and their status. - \n Available means the ingress controller deployment is available - and servicing route and ingress resources (i.e, .status.availableReplicas - equals .spec.replicas) \n There are additional conditions which - indicate the status of other ingress controller features and capabilities. - \n * LoadBalancerManaged - True if the following conditions are - met: * The endpoint publishing strategy requires a service load - balancer. - False if any of those conditions are unsatisfied. \n - * LoadBalancerReady - True if the following conditions are met: - * A load balancer is managed. * The load balancer is ready. - False - if any of those conditions are unsatisfied. \n * DNSManaged - True - if the following conditions are met: * The endpoint publishing strategy - and platform support DNS. * The ingress controller domain is set. - * dns.config.openshift.io/cluster configures DNS zones. - False - if any of those conditions are unsatisfied. \n * DNSReady - True - if the following conditions are met: * DNS is managed. * DNS records - have been successfully created. - False if any of those conditions - are unsatisfied." - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - domain: - description: domain is the actual domain in use. - type: string - endpointPublishingStrategy: - description: endpointPublishingStrategy is the actual strategy in - use. - properties: - hostNetwork: - description: hostNetwork holds parameters for the HostNetwork - endpoint publishing strategy. Present only if type is HostNetwork. - properties: - httpPort: - default: 80 - description: httpPort is the port on the host which should - be used to listen for HTTP requests. This field should be - set when port 80 is already in use. The value should not - coincide with the NodePort range of the cluster. When the - value is 0 or is not specified it defaults to 80. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - httpsPort: - default: 443 - description: httpsPort is the port on the host which should - be used to listen for HTTPS requests. This field should - be set when port 443 is already in use. The value should - not coincide with the NodePort range of the cluster. When - the value is 0 or is not specified it defaults to 443. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY - protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." - enum: - - "" - - TCP - - PROXY - type: string - statsPort: - default: 1936 - description: statsPort is the port on the host where the stats - from the router are published. The value should not coincide - with the NodePort range of the cluster. If an external load - balancer is configured to forward connections to this IngressController, - the load balancer should use this port for health checks. - The load balancer can send HTTP probes on this port on a - given node, with the path /healthz/ready to determine if - the ingress controller is ready to receive traffic on the - node. For proper operation the load balancer must not forward - traffic to a node until the health check reports ready. - The load balancer should also stop forwarding requests within - a maximum of 45 seconds after /healthz/ready starts reporting - not-ready. Probing every 5 to 10 seconds, with a 5-second - timeout and with a threshold of two successful or failed - requests to become healthy or unhealthy respectively, are - well-tested values. When the value is 0 or is not specified - it defaults to 1936. - format: int32 - maximum: 65535 - minimum: 0 - type: integer - type: object - loadBalancer: - description: loadBalancer holds parameters for the load balancer. - Present only if type is LoadBalancerService. - properties: - allowedSourceRanges: - description: "allowedSourceRanges specifies an allowlist of - IP address ranges to which access to the load balancer should - be restricted. Each range must be specified using CIDR - notation (e.g. \"10.0.0.0/8\" or \"fd00::/8\"). If no range - is specified, \"0.0.0.0/0\" for IPv4 and \"::/0\" for IPv6 - are used by default, which allows all source addresses. - \n To facilitate migration from earlier versions of OpenShift - that did not have the allowedSourceRanges field, you may - set the service.beta.kubernetes.io/load-balancer-source-ranges - annotation on the \"router-\" service - in the \"openshift-ingress\" namespace, and this annotation - will take effect if allowedSourceRanges is empty on OpenShift - 4.12." - items: - description: CIDR is an IP address range in CIDR notation - (for example, "10.0.0.0/8" or "fd00::/8"). - pattern: (^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])/([0-9]|[12][0-9]|3[0-2])$)|(^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/(12[0-8]|1[0-1][0-9]|[1-9][0-9]|[0-9]))$) - type: string - nullable: true - type: array - dnsManagementPolicy: - default: Managed - description: 'dnsManagementPolicy indicates if the lifecycle - of the wildcard DNS record associated with the load balancer - service will be managed by the ingress operator. It defaults - to Managed. Valid values are: Managed and Unmanaged.' - enum: - - Managed - - Unmanaged - type: string - providerParameters: - description: "providerParameters holds desired load balancer - information specific to the underlying infrastructure provider. - \n If empty, defaults will be applied. See specific providerParameters - fields for details about their defaults." - properties: - aws: - description: "aws provides configuration settings that - are specific to AWS load balancers. \n If empty, defaults - will be applied. See specific aws fields for details - about their defaults." - properties: - classicLoadBalancer: - description: classicLoadBalancerParameters holds configuration - parameters for an AWS classic load balancer. Present - only if type is Classic. - properties: - connectionIdleTimeout: - description: connectionIdleTimeout specifies the - maximum time period that a connection may be - idle before the load balancer closes the connection. The - value must be parseable as a time duration value; - see . A - nil or zero value means no opinion, in which - case a default value is used. The default value - for this field is 60s. This default is subject - to change. - format: duration - type: string - type: object - networkLoadBalancer: - description: networkLoadBalancerParameters holds configuration - parameters for an AWS network load balancer. Present - only if type is NLB. - type: object - type: - description: "type is the type of AWS load balancer - to instantiate for an ingresscontroller. \n Valid - values are: \n * \"Classic\": A Classic Load Balancer - that makes routing decisions at either the transport - layer (TCP/SSL) or the application layer (HTTP/HTTPS). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - \n * \"NLB\": A Network Load Balancer that makes - routing decisions at the transport layer (TCP/SSL). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" - enum: - - Classic - - NLB - type: string - required: - - type - type: object - gcp: - description: "gcp provides configuration settings that - are specific to GCP load balancers. \n If empty, defaults - will be applied. See specific gcp fields for details - about their defaults." - properties: - clientAccess: - description: "clientAccess describes how client access - is restricted for internal load balancers. \n Valid - values are: * \"Global\": Specifying an internal - load balancer with Global client access allows clients - from any region within the VPC to communicate with - the load balancer. \n https://cloud.google.com/kubernetes-engine/docs/how-to/internal-load-balancing#global_access - \n * \"Local\": Specifying an internal load balancer - with Local client access means only clients within - the same region (and VPC) as the GCP load balancer - can communicate with the load balancer. Note that - this is the default behavior. \n https://cloud.google.com/load-balancing/docs/internal#client_access" - enum: - - Global - - Local - type: string - type: object - ibm: - description: "ibm provides configuration settings that - are specific to IBM Cloud load balancers. \n If empty, - defaults will be applied. See specific ibm fields for - details about their defaults." - properties: - protocol: - description: "protocol specifies whether the load - balancer uses PROXY protocol to forward connections - to the IngressController. See \"service.kubernetes.io/ibm-load-balancer-cloud-provider-enable-features: - \"proxy-protocol\"\" at https://cloud.ibm.com/docs/containers?topic=containers-vpc-lbaas\" - \n PROXY protocol can be used with load balancers - that support it to communicate the source addresses - of client connections when forwarding those connections - to the IngressController. Using PROXY protocol - enables the IngressController to report those source - addresses instead of reporting the load balancer's - address in HTTP headers and logs. Note that enabling - PROXY protocol on the IngressController will cause - connections to fail if you are not using a load - balancer that uses PROXY protocol to forward connections - to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n Valid values - for protocol are TCP, PROXY and omitted. When omitted, - this means no opinion and the platform is left to - choose a reasonable default, which is subject to - change over time. The current default is TCP, without - the proxy protocol enabled." - enum: - - "" - - TCP - - PROXY - type: string - type: object - type: - description: type is the underlying infrastructure provider - for the load balancer. Allowed values are "AWS", "Azure", - "BareMetal", "GCP", "IBM", "Nutanix", "OpenStack", and - "VSphere". - enum: - - AWS - - Azure - - BareMetal - - GCP - - Nutanix - - OpenStack - - VSphere - - IBM - type: string - required: - - type - type: object - scope: - description: scope indicates the scope at which the load balancer - is exposed. Possible values are "External" and "Internal". - enum: - - Internal - - External - type: string - required: - - dnsManagementPolicy - - scope - type: object - nodePort: - description: nodePort holds parameters for the NodePortService - endpoint publishing strategy. Present only if type is NodePortService. - properties: - protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY - protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." - enum: - - "" - - TCP - - PROXY - type: string - type: object - private: - description: private holds parameters for the Private endpoint - publishing strategy. Present only if type is Private. - properties: - protocol: - description: "protocol specifies whether the IngressController - expects incoming connections to use plain TCP or whether - the IngressController expects PROXY protocol. \n PROXY protocol - can be used with load balancers that support it to communicate - the source addresses of client connections when forwarding - those connections to the IngressController. Using PROXY - protocol enables the IngressController to report those source - addresses instead of reporting the load balancer's address - in HTTP headers and logs. Note that enabling PROXY protocol - on the IngressController will cause connections to fail - if you are not using a load balancer that uses PROXY protocol - to forward connections to the IngressController. See http://www.haproxy.org/download/2.2/doc/proxy-protocol.txt - for information about PROXY protocol. \n The following values - are valid for this field: \n * The empty string. * \"TCP\". - * \"PROXY\". \n The empty string specifies the default, - which is TCP without PROXY protocol. Note that the default - is subject to change." - enum: - - "" - - TCP - - PROXY - type: string - type: object - type: - description: "type is the publishing strategy to use. Valid values - are: \n * LoadBalancerService \n Publishes the ingress controller - using a Kubernetes LoadBalancer Service. \n In this configuration, - the ingress controller deployment uses container networking. - A LoadBalancer Service is created to publish the deployment. - \n See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - \n If domain is set, a wildcard DNS record will be managed to - point at the LoadBalancer Service's external name. DNS records - are managed only in DNS zones defined by dns.config.openshift.io/cluster - .spec.publicZone and .spec.privateZone. \n Wildcard DNS management - is currently supported only on the AWS, Azure, and GCP platforms. - \n * HostNetwork \n Publishes the ingress controller on node - ports where the ingress controller is deployed. \n In this configuration, - the ingress controller deployment uses host networking, bound - to node ports 80 and 443. The user is responsible for configuring - an external load balancer to publish the ingress controller - via the node ports. \n * Private \n Does not publish the ingress - controller. \n In this configuration, the ingress controller - deployment uses container networking, and is not explicitly - published. The user must manually publish the ingress controller. - \n * NodePortService \n Publishes the ingress controller using - a Kubernetes NodePort Service. \n In this configuration, the - ingress controller deployment uses container networking. A NodePort - Service is created to publish the deployment. The specific node - ports are dynamically allocated by OpenShift; however, to support - static port allocations, user changes to the node port field - of the managed NodePort Service will preserved." - enum: - - LoadBalancerService - - HostNetwork - - Private - - NodePortService - type: string - required: - - type - type: object - namespaceSelector: - description: namespaceSelector is the actual namespaceSelector in - use. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - observedGeneration: - description: observedGeneration is the most recent generation observed. - format: int64 - type: integer - routeSelector: - description: routeSelector is the actual routeSelector in use. - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - selector: - description: selector is a label selector, in string format, for ingress - controller pods corresponding to the IngressController. The number - of matching pods should equal the value of availableReplicas. - type: string - tlsProfile: - description: tlsProfile is the TLS connection configuration that is - in effect. - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators may - remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - items: - type: string - type: array - minTLSVersion: - description: "minTLSVersion is used to specify the minimal version - of the TLS protocol that is negotiated during the TLS handshake. - For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n - minTLSVersion: VersionTLS11 \n NOTE: currently the highest minTLSVersion - allowed is VersionTLS12" - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - type: object - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.availableReplicas - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_insights-operator_00-insightsoperator.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_insights-operator_00-insightsoperator.crd.yaml deleted file mode 100644 index ca3368f007c..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_insights-operator_00-insightsoperator.crd.yaml +++ /dev/null @@ -1,357 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1237 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: insightsoperators.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: InsightsOperator - listKind: InsightsOperatorList - plural: insightsoperators - singular: insightsoperator - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "InsightsOperator holds cluster-wide information about the Insights - Operator. \n Compatibility level 1: Stable within a major release for a - minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Insights. - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the Insights - operator. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - gatherStatus: - description: gatherStatus provides basic information about the last - Insights data gathering. When omitted, this means no data gathering - has taken place yet. - properties: - gatherers: - description: gatherers is a list of active gatherers (and their - statuses) in the last gathering. - items: - description: gathererStatus represents information about a particular - data gatherer. - properties: - conditions: - description: conditions provide details on the status of - each gatherer. - items: - description: "Condition contains details for one aspect - of the current state of this API Resource. --- This - struct is intended for direct use as an array at the - field path .status.conditions. For example, \n type - FooStatus struct{ // Represents the observations of - a foo's current state. // Known .status.conditions.type - are: \"Available\", \"Progressing\", and \"Degraded\" - // +patchMergeKey=type // +patchStrategy=merge // +listType=map - // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" - patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` - \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the - condition transitioned from one status to another. - This should be when the underlying condition changed. If - that is not known, then using the time when the - API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty - string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, - if .metadata.generation is currently 12, but the - .status.conditions[x].observedGeneration is 9, the - condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier - indicating the reason for the condition's last transition. - Producers of specific condition types may define - expected values and meanings for this field, and - whether the values are considered a guaranteed API. - The value should be a CamelCase string. This field - may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, - False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in - foo.example.com/CamelCase. --- Many .condition.type - values are consistent across resources like Available, - but because arbitrary conditions can be useful (see - .node.status.conditions), the ability to deconflict - is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - minItems: 1 - type: array - x-kubernetes-list-type: atomic - lastGatherDuration: - description: lastGatherDuration represents the time spent - gathering. - pattern: ^([1-9][0-9]*(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - type: string - name: - description: name is the name of the gatherer. - maxLength: 256 - minLength: 5 - type: string - required: - - conditions - - lastGatherDuration - - name - type: object - type: array - x-kubernetes-list-type: atomic - lastGatherDuration: - description: lastGatherDuration is the total time taken to process - all gatherers during the last gather event. - pattern: ^0|([1-9][0-9]*(\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$ - type: string - lastGatherTime: - description: lastGatherTime is the last time when Insights data - gathering finished. An empty value means that no data has been - gathered yet. - format: date-time - type: string - type: object - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - insightsReport: - description: insightsReport provides general Insights analysis results. - When omitted, this means no data gathering has taken place yet. - properties: - downloadedAt: - description: downloadedAt is the time when the last Insights report - was downloaded. An empty value means that there has not been - any Insights report downloaded yet and it usually appears in - disconnected clusters (or clusters when the Insights data gathering - is disabled). - format: date-time - type: string - healthChecks: - description: healthChecks provides basic information about active - Insights health checks in a cluster. - items: - description: healthCheck represents an Insights health check - attributes. - properties: - advisorURI: - description: advisorURI provides the URL link to the Insights - Advisor. - pattern: ^https:\/\/\S+ - type: string - description: - description: description provides basic description of the - healtcheck. - maxLength: 2048 - minLength: 10 - type: string - state: - description: state determines what the current state of - the health check is. Health check is enabled by default - and can be disabled by the user in the Insights advisor - user interface. - enum: - - Enabled - - Disabled - type: string - totalRisk: - description: totalRisk of the healthcheck. Indicator of - the total risk posed by the detected issue; combination - of impact and likelihood. The values can be from 1 to - 4, and the higher the number, the more important the issue. - format: int32 - maximum: 4 - minimum: 1 - type: integer - required: - - advisorURI - - description - - state - - totalRisk - type: object - type: array - x-kubernetes-list-type: atomic - type: object - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.availableReplicas - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml deleted file mode 100644 index 818e3306b74..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml +++ /dev/null @@ -1,174 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: servicecas.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: ServiceCA - listKind: ServiceCAList - plural: servicecas - singular: serviceca - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ServiceCA provides information to configure an operator to manage - the service cert controllers \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml deleted file mode 100644 index ca257267ce4..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01.crd.yaml +++ /dev/null @@ -1,907 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: networks.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: Network - listKind: NetworkList - plural: networks - singular: network - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Network describes the cluster's desired network configuration. - It is consumed by the cluster-network-operator. \n Compatibility level 1: - Stable within a major release for a minimum of 12 months or 3 minor releases - (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NetworkSpec is the top-level network configuration object. - properties: - additionalNetworks: - description: additionalNetworks is a list of extra networks to make - available to pods when multiple networks are enabled. - items: - description: AdditionalNetworkDefinition configures an extra network - that is available but not created by default. Instead, pods must - request them by name. type must be specified, along with exactly - one "Config" that matches the type. - properties: - name: - description: name is the name of the network. This will be populated - in the resulting CRD This must be unique. - type: string - namespace: - description: namespace is the namespace of the network. This - will be populated in the resulting CRD If not given the network - will be created in the default namespace. - type: string - rawCNIConfig: - description: rawCNIConfig is the raw CNI configuration json - to create in the NetworkAttachmentDefinition CRD - type: string - simpleMacvlanConfig: - description: SimpleMacvlanConfig configures the macvlan interface - in case of type:NetworkTypeSimpleMacvlan - properties: - ipamConfig: - description: IPAMConfig configures IPAM module will be used - for IP Address Management (IPAM). - properties: - staticIPAMConfig: - description: StaticIPAMConfig configures the static - IP address in case of type:IPAMTypeStatic - properties: - addresses: - description: Addresses configures IP address for - the interface - items: - description: StaticIPAMAddresses provides IP address - and Gateway for static IPAM addresses - properties: - address: - description: Address is the IP address in - CIDR format - type: string - gateway: - description: Gateway is IP inside of subnet - to designate as the gateway - type: string - type: object - type: array - dns: - description: DNS configures DNS for the interface - properties: - domain: - description: Domain configures the domainname - the local domain used for short hostname lookups - type: string - nameservers: - description: Nameservers points DNS servers - for IP lookup - items: - type: string - type: array - search: - description: Search configures priority ordered - search domains for short hostname lookups - items: - type: string - type: array - type: object - routes: - description: Routes configures IP routes for the - interface - items: - description: StaticIPAMRoutes provides Destination/Gateway - pairs for static IPAM routes - properties: - destination: - description: Destination points the IP route - destination - type: string - gateway: - description: Gateway is the route's next-hop - IP address If unset, a default gateway is - assumed (as determined by the CNI plugin). - type: string - type: object - type: array - type: object - type: - description: Type is the type of IPAM module will be - used for IP Address Management(IPAM). The supported - values are IPAMTypeDHCP, IPAMTypeStatic - type: string - type: object - master: - description: master is the host interface to create the - macvlan interface from. If not specified, it will be default - route interface - type: string - mode: - description: 'mode is the macvlan mode: bridge, private, - vepa, passthru. The default is bridge' - type: string - mtu: - description: mtu is the mtu to use for the macvlan interface. - if unset, host's kernel will select the value. - format: int32 - minimum: 0 - type: integer - type: object - type: - description: type is the type of network The supported values - are NetworkTypeRaw, NetworkTypeSimpleMacvlan - type: string - type: object - type: array - clusterNetwork: - description: clusterNetwork is the IP address pool to use for pod - IPs. Some network providers, e.g. OpenShift SDN, support multiple - ClusterNetworks. Others only support one. This is equivalent to - the cluster-cidr. - items: - description: ClusterNetworkEntry is a subnet from which to allocate - PodIPs. A network of size HostPrefix (in CIDR notation) will be - allocated when nodes join the cluster. If the HostPrefix field - is not used by the plugin, it can be left unset. Not all network - providers support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - defaultNetwork: - description: defaultNetwork is the "default" network that all pods - will receive - properties: - openshiftSDNConfig: - description: openShiftSDNConfig configures the openshift-sdn plugin - properties: - enableUnidling: - description: enableUnidling controls whether or not the service - proxy will support idling and unidling of services. By default, - unidling is enabled. - type: boolean - mode: - description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" - type: string - mtu: - description: mtu is the mtu to use for the tunnel interface. - Defaults to 1450 if unset. This must be 50 bytes smaller - than the machine's uplink. - format: int32 - minimum: 0 - type: integer - useExternalOpenvswitch: - description: 'useExternalOpenvswitch used to control whether - the operator would deploy an OVS DaemonSet itself or expect - someone else to start OVS. As of 4.6, OVS is always run - as a system service, and this flag is ignored. DEPRECATED: - non-functional as of 4.6' - type: boolean - vxlanPort: - description: vxlanPort is the port to use for all vxlan packets. - The default is 4789. - format: int32 - minimum: 0 - type: integer - type: object - ovnKubernetesConfig: - description: ovnKubernetesConfig configures the ovn-kubernetes - plugin. - properties: - egressIPConfig: - description: egressIPConfig holds the configuration for EgressIP - options. - properties: - reachabilityTotalTimeoutSeconds: - description: reachabilityTotalTimeout configures the EgressIP - node reachability check total timeout in seconds. If - the EgressIP node cannot be reached within this timeout, - the node is declared down. Setting a large value may - cause the EgressIP feature to react slowly to node changes. - In particular, it may react slowly for EgressIP nodes - that really have a genuine problem and are unreachable. - When omitted, this means the user has no opinion and - the platform is left to choose a reasonable default, - which is subject to change over time. The current default - is 1 second. A value of 0 disables the EgressIP node's - reachability check. - format: int32 - maximum: 60 - minimum: 0 - type: integer - type: object - gatewayConfig: - description: gatewayConfig holds the configuration for node - gateway options. - properties: - ipForwarding: - description: IPForwarding controls IP forwarding for all - traffic on OVN-Kubernetes managed interfaces (such as - br-ex). By default this is set to Restricted, and Kubernetes - related traffic is still forwarded appropriately, but - other IP traffic will not be routed by the OCP node. - If there is a desire to allow the host to forward traffic - across OVN-Kubernetes managed interfaces, then set this - field to "Global". The supported values are "Restricted" - and "Global". - type: string - ipv4: - description: ipv4 allows users to configure IP settings - for IPv4 connections. When omitted, this means no opinion - and the default configuration is used. Check individual - members fields within ipv4 for details of default values. - properties: - internalMasqueradeSubnet: - description: internalMasqueradeSubnet contains the - masquerade addresses in IPV4 CIDR format used internally - by ovn-kubernetes to enable host to service traffic. - Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge - interface. The values can be changed after installation. - The subnet chosen should not overlap with other - networks specified for OVN-Kubernetes as well as - other networks used on the host. Additionally the - subnet must be large enough to accommodate 6 IPs - (maximum prefix length /29). When omitted, this - means no opinion and the platform is left to choose - a reasonable default which is subject to change - over time. The current default subnet is 169.254.169.0/29 - The value must be in proper IPV4 CIDR format - maxLength: 18 - type: string - x-kubernetes-validations: - - message: CIDR format must contain exactly one '/' - rule: self.indexOf('/') == self.lastIndexOf('/') - - message: subnet must be in the range /0 to /29 inclusive - rule: '[int(self.split(''/'')[1])].all(x, x <= 29 - && x >= 0)' - - message: a valid IPv4 address must contain 4 octets - rule: self.split('/')[0].split('.').size() == 4 - - message: first IP address octet must not contain - leading zeros, must be greater than 0 and less - or equal to 255 - rule: '[self.findAll(''[0-9]+'')[0]].all(x, x != - ''0'' && int(x) <= 255 && !x.startsWith(''0''))' - - message: IP address octets must not contain leading - zeros, and must be less or equal to 255 - rule: '[self.findAll(''[0-9]+'')[1], self.findAll(''[0-9]+'')[2], - self.findAll(''[0-9]+'')[3]].all(x, int(x) <= - 255 && (x == ''0'' || !x.startsWith(''0'')))' - type: object - ipv6: - description: ipv6 allows users to configure IP settings - for IPv6 connections. When omitted, this means no opinion - and the default configuration is used. Check individual - members fields within ipv6 for details of default values. - properties: - internalMasqueradeSubnet: - description: internalMasqueradeSubnet contains the - masquerade addresses in IPV6 CIDR format used internally - by ovn-kubernetes to enable host to service traffic. - Each host in the cluster is configured with these - addresses, as well as the shared gateway bridge - interface. The values can be changed after installation. - The subnet chosen should not overlap with other - networks specified for OVN-Kubernetes as well as - other networks used on the host. Additionally the - subnet must be large enough to accommodate 6 IPs - (maximum prefix length /125). When omitted, this - means no opinion and the platform is left to choose - a reasonable default which is subject to change - over time. The current default subnet is fd69::/125 - Note that IPV6 dual addresses are not permitted - type: string - x-kubernetes-validations: - - message: CIDR format must contain exactly one '/' - rule: self.indexOf('/') == self.lastIndexOf('/') - - message: subnet must be in the range /0 to /125 - inclusive - rule: self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, - x <= 125 && x >= 0) - - message: IPv6 addresses must contain at most one - '::' and may only be shortened once - rule: self.indexOf('::') == self.lastIndexOf('::') - - message: a valid IPv6 address must contain 8 segments - unless elided (::), in which case it must contain - at most 6 non-empty segments - rule: 'self.contains(''::'') ? self.split(''/'')[0].split('':'').size() - <= 8 : self.split(''/'')[0].split('':'').size() - == 8' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 1 - rule: 'self.split(''/'')[0].split('':'').size() - >=1 ? [self.split(''/'')[0].split('':'', 8)[0]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 2 - rule: 'self.split(''/'')[0].split('':'').size() - >=2 ? [self.split(''/'')[0].split('':'', 8)[1]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 3 - rule: 'self.split(''/'')[0].split('':'').size() - >=3 ? [self.split(''/'')[0].split('':'', 8)[2]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 4 - rule: 'self.split(''/'')[0].split('':'').size() - >=4 ? [self.split(''/'')[0].split('':'', 8)[3]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 5 - rule: 'self.split(''/'')[0].split('':'').size() - >=5 ? [self.split(''/'')[0].split('':'', 8)[4]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 6 - rule: 'self.split(''/'')[0].split('':'').size() - >=6 ? [self.split(''/'')[0].split('':'', 8)[5]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 7 - rule: 'self.split(''/'')[0].split('':'').size() - >=7 ? [self.split(''/'')[0].split('':'', 8)[6]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: each segment of an IPv6 address must be - a hexadecimal number between 0 and FFFF, failed - on segment 8 - rule: 'self.split(''/'')[0].split('':'').size() - >=8 ? [self.split(''/'')[0].split('':'', 8)[7]].all(x, - x == '''' || (x.matches(''^[0-9A-Fa-f]{1,4}$'')) - && size(x)<5 ) : true' - - message: IPv6 dual addresses are not permitted, - value should not contain `.` characters - rule: '!self.contains(''.'')' - type: object - routingViaHost: - default: false - description: RoutingViaHost allows pod egress traffic - to exit via the ovn-k8s-mp0 management port into the - host before sending it out. If this is not set, traffic - will always egress directly from OVN to outside without - touching the host stack. Setting this to true means - hardware offload will not be supported. Default is false - if GatewayConfig is specified. - type: boolean - type: object - genevePort: - description: geneve port is the UDP port to be used by geneve - encapulation. Default is 6081 - format: int32 - minimum: 1 - type: integer - hybridOverlayConfig: - description: HybridOverlayConfig configures an additional - overlay network for peers that are not using OVN. - properties: - hybridClusterNetwork: - description: HybridClusterNetwork defines a network space - given to nodes on an additional overlay network. - items: - description: ClusterNetworkEntry is a subnet from which - to allocate PodIPs. A network of size HostPrefix (in - CIDR notation) will be allocated when nodes join the - cluster. If the HostPrefix field is not used by the - plugin, it can be left unset. Not all network providers - support multiple ClusterNetworks - properties: - cidr: - type: string - hostPrefix: - format: int32 - minimum: 0 - type: integer - type: object - type: array - hybridOverlayVXLANPort: - description: HybridOverlayVXLANPort defines the VXLAN - port number to be used by the additional overlay network. - Default is 4789 - format: int32 - type: integer - type: object - ipsecConfig: - default: - mode: Disabled - description: ipsecConfig enables and configures IPsec for - pods on the pod network within the cluster. - properties: - mode: - description: mode defines the behaviour of the ipsec configuration - within the platform. Valid values are `Disabled`, `External` - and `Full`. When 'Disabled', ipsec will not be enabled - at the node level. When 'External', ipsec is enabled - on the node level but requires the user to configure - the secure communication parameters. This mode is for - external secure communications and the configuration - can be done using the k8s-nmstate operator. When 'Full', - ipsec is configured on the node level and inter-pod - secure communication within the cluster is configured. - Note with `Full`, if ipsec is desired for communication - with external (to the cluster) entities (such as storage - arrays), this is left to the user to configure. - enum: - - Disabled - - External - - Full - type: string - type: object - x-kubernetes-validations: - - message: ipsecConfig.mode is required - rule: self == oldSelf || has(self.mode) - mtu: - description: mtu is the MTU to use for the tunnel interface. - This must be 100 bytes smaller than the uplink mtu. Default - is 1400 - format: int32 - minimum: 0 - type: integer - policyAuditConfig: - description: policyAuditConfig is the configuration for network - policy audit events. If unset, reported defaults are used. - properties: - destination: - default: "null" - description: 'destination is the location for policy log - messages. Regardless of this config, persistent logs - will always be dumped to the host at /var/log/ovn/ however - Additionally syslog output may be configured as follows. - Valid values are: - "libc" -> to use the libc syslog() - function of the host node''s journdald process - "udp:host:port" - -> for sending syslog over UDP - "unix:file" -> for - using the UNIX domain socket directly - "null" -> to - discard all messages logged to syslog The default is - "null"' - type: string - maxFileSize: - default: 50 - description: maxFilesSize is the max size an ACL_audit - log file is allowed to reach before rotation occurs - Units are in MB and the Default is 50MB - format: int32 - minimum: 1 - type: integer - maxLogFiles: - default: 5 - description: maxLogFiles specifies the maximum number - of ACL_audit log files that can be present. - format: int32 - minimum: 1 - type: integer - rateLimit: - default: 20 - description: rateLimit is the approximate maximum number - of messages to generate per-second per-node. If unset - the default of 20 msg/sec is used. - format: int32 - minimum: 1 - type: integer - syslogFacility: - default: local0 - description: syslogFacility the RFC5424 facility for generated - messages, e.g. "kern". Default is "local0" - type: string - type: object - v4InternalSubnet: - description: v4InternalSubnet is a v4 subnet used internally - by ovn-kubernetes in case the default one is being already - used by something else. It must not overlap with any other - subnet being used by OpenShift or by the node network. The - size of the subnet must be larger than the number of nodes. - The value cannot be changed after installation. Default - is 100.64.0.0/16 - type: string - v6InternalSubnet: - description: v6InternalSubnet is a v6 subnet used internally - by ovn-kubernetes in case the default one is being already - used by something else. It must not overlap with any other - subnet being used by OpenShift or by the node network. The - size of the subnet must be larger than the number of nodes. - The value cannot be changed after installation. Default - is fd98::/48 - type: string - type: object - type: - description: type is the type of network All NetworkTypes are - supported except for NetworkTypeRaw - type: string - type: object - deployKubeProxy: - description: deployKubeProxy specifies whether or not a standalone - kube-proxy should be deployed by the operator. Some network providers - include kube-proxy or similar functionality. If unset, the plugin - will attempt to select the correct value, which is false when OpenShift - SDN and ovn-kubernetes are used and true otherwise. - type: boolean - disableMultiNetwork: - description: disableMultiNetwork specifies whether or not multiple - pod network support should be disabled. If unset, this property - defaults to 'false' and multiple network support is enabled. - type: boolean - disableNetworkDiagnostics: - default: false - description: disableNetworkDiagnostics specifies whether or not PodNetworkConnectivityCheck - CRs from a test pod to every node, apiserver and LB should be disabled - or not. If unset, this property defaults to 'false' and network - diagnostics is enabled. Setting this to 'true' would reduce the - additional load of the pods performing the checks. - type: boolean - exportNetworkFlows: - description: exportNetworkFlows enables and configures the export - of network flow metadata from the pod network by using protocols - NetFlow, SFlow or IPFIX. Currently only supported on OVN-Kubernetes - plugin. If unset, flows will not be exported to any collector. - properties: - ipfix: - description: ipfix defines IPFIX configuration. - properties: - collectors: - description: ipfixCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - netFlow: - description: netFlow defines the NetFlow configuration. - properties: - collectors: - description: netFlow defines the NetFlow collectors that will - consume the flow data exported from OVS. It is a list of - strings formatted as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - sFlow: - description: sFlow defines the SFlow configuration. - properties: - collectors: - description: sFlowCollectors is list of strings formatted - as ip:port with a maximum of ten items - items: - pattern: ^(([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[0-9][0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5]):([1-9][0-9]{0,3}|[1-5][0-9]{4}|6[0-4][0-9]{3}|65[0-4][0-9]{2}|655[0-2][0-9]|6553[0-5])$ - type: string - maxItems: 10 - minItems: 1 - type: array - type: object - type: object - kubeProxyConfig: - description: kubeProxyConfig lets us configure desired proxy configuration. - If not specified, sensible defaults will be chosen by OpenShift - directly. Not consumed by all network providers - currently only - openshift-sdn. - properties: - bindAddress: - description: The address to "bind" on Defaults to 0.0.0.0 - type: string - iptablesSyncPeriod: - description: 'An internal kube-proxy parameter. In older releases - of OCP, this sometimes needed to be adjusted in large clusters - for performance reasons, but this is no longer necessary, and - there is no reason to change this from the default value. Default: - 30s' - type: string - proxyArguments: - additionalProperties: - description: ProxyArgumentList is a list of arguments to pass - to the kubeproxy process - items: - type: string - type: array - description: Any additional arguments to pass to the kubeproxy - process - type: object - type: object - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - migration: - description: migration enables and configures the cluster network - migration. The migration procedure allows to change the network - type and the MTU. - properties: - features: - description: features contains the features migration configuration. - Set this to migrate feature configuration when changing the - cluster default network provider. if unset, the default operation - is to migrate all the configuration of supported features. - properties: - egressFirewall: - default: true - description: egressFirewall specifies whether or not the Egress - Firewall configuration is migrated automatically when changing - the cluster default network provider. If unset, this property - defaults to 'true' and Egress Firewall configure is migrated. - type: boolean - egressIP: - default: true - description: egressIP specifies whether or not the Egress - IP configuration is migrated automatically when changing - the cluster default network provider. If unset, this property - defaults to 'true' and Egress IP configure is migrated. - type: boolean - multicast: - default: true - description: multicast specifies whether or not the multicast - configuration is migrated automatically when changing the - cluster default network provider. If unset, this property - defaults to 'true' and multicast configure is migrated. - type: boolean - type: object - mode: - description: mode indicates the mode of network migration. The - supported values are "Live", "Offline" and omitted. A "Live" - migration operation will not cause service interruption by migrating - the CNI of each node one by one. The cluster network will work - as normal during the network migration. An "Offline" migration - operation will cause service interruption. During an "Offline" - migration, two rounds of node reboots are required. The cluster - network will be malfunctioning during the network migration. - When omitted, this means no opinion and the platform is left - to choose a reasonable default which is subject to change over - time. The current default value is "Offline". - enum: - - Live - - Offline - - "" - type: string - mtu: - description: mtu contains the MTU migration configuration. Set - this to allow changing the MTU values for the default network. - If unset, the operation of changing the MTU for the default - network will be rejected. - properties: - machine: - description: machine contains MTU migration configuration - for the machine's uplink. Needs to be migrated along with - the default network MTU unless the current uplink MTU already - accommodates the default network MTU. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - network: - description: network contains information about MTU migration - for the default network. Migrations are only allowed to - MTU values lower than the machine's uplink MTU by the minimum - appropriate offset. - properties: - from: - description: from is the MTU to migrate from. - format: int32 - minimum: 0 - type: integer - to: - description: to is the MTU to migrate to. - format: int32 - minimum: 0 - type: integer - type: object - type: object - networkType: - description: networkType is the target type of network migration. - Set this to the target network type to allow changing the default - network. If unset, the operation of changing cluster default - network plugin will be rejected. The supported values are OpenShiftSDN, - OVNKubernetes - type: string - type: object - x-kubernetes-validations: - - message: networkType migration in mode other than 'Live' may not - be configured at the same time as mtu migration - rule: '!has(self.mtu) || !has(self.networkType) || self.networkType - == '''' || has(self.mode) && self.mode == ''Live''' - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - serviceNetwork: - description: serviceNetwork is the ip address pool to use for Service - IPs Currently, all existing network providers only support a single - value here, but this is an array to allow for growth. - items: - type: string - type: array - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - useMultiNetworkPolicy: - description: useMultiNetworkPolicy enables a controller which allows - for MultiNetworkPolicy objects to be used on additional networks - as created by Multus CNI. MultiNetworkPolicy are similar to NetworkPolicy - objects, but NetworkPolicy objects only apply to the primary interface. - With MultiNetworkPolicy, you can control the traffic that a pod - can receive over the secondary interfaces. If unset, this property - defaults to 'false' and MultiNetworkPolicy objects are ignored. - If 'disableMultiNetwork' is 'true' then the value of this field - is ignored. - type: boolean - type: object - x-kubernetes-validations: - - message: invalid value for IPForwarding, valid values are 'Restricted' - or 'Global' - rule: '!has(self.defaultNetwork) || !has(self.defaultNetwork.ovnKubernetesConfig) - || !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig) || - !has(self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding) - || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == oldSelf.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == ''Restricted'' || self.defaultNetwork.ovnKubernetesConfig.gatewayConfig.ipForwarding - == ''Global''' - status: - description: NetworkStatus is detailed operator status, which is distilled - up to the Network clusteroperator object. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - type: object - served: true - storage: true diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00.crd.yaml deleted file mode 100644 index 3bedcf2801a..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00.crd.yaml +++ /dev/null @@ -1,578 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/475 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: dnses.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: DNS - listKind: DNSList - plural: dnses - singular: dns - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "DNS manages the CoreDNS component to provide a name resolution - service for pods and services in the cluster. \n This supports the DNS-based - service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md - \n More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns - \n Compatibility level 1: Stable within a major release for a minimum of - 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - DNS. - properties: - cache: - description: 'cache describes the caching configuration that applies - to all server blocks listed in the Corefile. This field allows a - cluster admin to optionally configure: * positiveTTL which is a - duration for which positive responses should be cached. * negativeTTL - which is a duration for which negative responses should be cached. - If this is not configured, OpenShift will configure positive and - negative caching with a default value that is subject to change. - At the time of writing, the default positiveTTL is 900 seconds and - the default negativeTTL is 30 seconds or as noted in the respective - Corefile for your version of OpenShift.' - properties: - negativeTTL: - description: "negativeTTL is optional and specifies the amount - of time that a negative response should be cached. \n If configured, - it must be a value of 1s (1 second) or greater up to a theoretical - maximum of several years. This field expects an unsigned duration - string of decimal numbers, each with optional fraction and a - unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values - that are fractions of a second are rounded down to the nearest - second. If the configured value is less than 1s, the default - value will be used. If not configured, the value will be 0s - and OpenShift will use a default value of 30 seconds unless - noted otherwise in the respective Corefile for your version - of OpenShift. The default value of 30 seconds is subject to - change." - pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ - type: string - positiveTTL: - description: "positiveTTL is optional and specifies the amount - of time that a positive response should be cached. \n If configured, - it must be a value of 1s (1 second) or greater up to a theoretical - maximum of several years. This field expects an unsigned duration - string of decimal numbers, each with optional fraction and a - unit suffix, e.g. \"100s\", \"1m30s\", \"12h30m10s\". Values - that are fractions of a second are rounded down to the nearest - second. If the configured value is less than 1s, the default - value will be used. If not configured, the value will be 0s - and OpenShift will use a default value of 900 seconds unless - noted otherwise in the respective Corefile for your version - of OpenShift. The default value of 900 seconds is subject to - change." - pattern: ^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ - type: string - type: object - logLevel: - default: Normal - description: 'logLevel describes the desired logging verbosity for - CoreDNS. Any one of the following values may be specified: * Normal - logs errors from upstream resolvers. * Debug logs errors, NXDOMAIN - responses, and NODATA responses. * Trace logs errors and all responses. - Setting logLevel: Trace will produce extremely verbose logs. Valid - values are: "Normal", "Debug", "Trace". Defaults to "Normal".' - enum: - - Normal - - Debug - - Trace - type: string - managementState: - description: managementState indicates whether the DNS operator should - manage cluster DNS - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - nodePlacement: - description: "nodePlacement provides explicit control over the scheduling - of DNS pods. \n Generally, it is useful to run a DNS pod on every - node so that DNS queries are always handled by a local DNS pod instead - of going over the network to a DNS pod on another node. However, - security policies may require restricting the placement of DNS pods - to specific nodes. For example, if a security policy prohibits pods - on arbitrary nodes from communicating with the API, a node selector - can be specified to restrict DNS pods to nodes that are permitted - to communicate with the API. Conversely, if running DNS pods on - nodes with a particular taint is desired, a toleration can be specified - for that taint. \n If unset, defaults are used. See nodePlacement - for more details." - properties: - nodeSelector: - additionalProperties: - type: string - description: "nodeSelector is the node selector applied to DNS - pods. \n If empty, the default is used, which is currently the - following: \n kubernetes.io/os: linux \n This default is subject - to change. \n If set, the specified selector is used and replaces - the default." - type: object - tolerations: - description: "tolerations is a list of tolerations applied to - DNS pods. \n If empty, the DNS operator sets a toleration for - the \"node-role.kubernetes.io/master\" taint. This default - is subject to change. Specifying tolerations without including - a toleration for the \"node-role.kubernetes.io/master\" taint - may be risky as it could lead to an outage if all worker nodes - become unavailable. \n Note that the daemon controller adds - some tolerations as well. See https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/" - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using - the matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. - Empty means match all taint effects. When specified, allowed - values are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to - the value. Valid operators are Exists and Equal. Defaults - to Equal. Exists is equivalent to wildcard for value, - so that a pod can tolerate all taints of a particular - category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of - time the toleration (which must be of effect NoExecute, - otherwise this field is ignored) tolerates the taint. - By default, it is not set, which means tolerate the taint - forever (do not evict). Zero and negative values will - be treated as 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. - type: string - type: object - type: array - type: object - operatorLogLevel: - default: Normal - description: 'operatorLogLevel controls the logging level of the DNS - Operator. Valid values are: "Normal", "Debug", "Trace". Defaults - to "Normal". setting operatorLogLevel: Trace will produce extremely - verbose logs.' - enum: - - Normal - - Debug - - Trace - type: string - servers: - description: "servers is a list of DNS resolvers that provide name - query delegation for one or more subdomains outside the scope of - the cluster domain. If servers consists of more than one Server, - longest suffix match will be used to determine the Server. \n For - example, if there are two Servers, one for \"foo.com\" and another - for \"a.foo.com\", and the name query is for \"www.a.foo.com\", - it will be routed to the Server with Zone \"a.foo.com\". \n If this - field is nil, no servers are created." - items: - description: Server defines the schema for a server that runs per - instance of CoreDNS. - properties: - forwardPlugin: - description: forwardPlugin defines a schema for configuring - CoreDNS to proxy DNS messages to upstream resolvers. - properties: - policy: - default: Random - description: "policy is used to determine the order in which - upstream servers are selected for querying. Any one of - the following values may be specified: \n * \"Random\" - picks a random upstream server for each query. * \"RoundRobin\" - picks upstream servers in a round-robin order, moving - to the next server for each new query. * \"Sequential\" - tries querying upstream servers in a sequential order - until one responds, starting with the first server for - each new query. \n The default value is \"Random\"" - enum: - - Random - - RoundRobin - - Sequential - type: string - protocolStrategy: - description: protocolStrategy specifies the protocol to - use for upstream DNS requests. Valid values for protocolStrategy - are "TCP" and omitted. When omitted, this means no opinion - and the platform is left to choose a reasonable default, - which is subject to change over time. The current default - is to use the protocol of the original client request. - "TCP" specifies that the platform should use TCP for all - upstream DNS requests, even if the client request uses - UDP. "TCP" is useful for UDP-specific issues such as those - created by non-compliant upstream resolvers, but may consume - more bandwidth or increase DNS response time. Note that - protocolStrategy only affects the protocol of DNS requests - that CoreDNS makes to upstream resolvers. It does not - affect the protocol of DNS requests between clients and - CoreDNS. - enum: - - TCP - - "" - type: string - transportConfig: - description: "transportConfig is used to configure the transport - type, server name, and optional custom CA or CA bundle - to use when forwarding DNS requests to an upstream resolver. - \n The default value is \"\" (empty) which results in - a standard cleartext connection being used when forwarding - DNS requests to an upstream resolver." - properties: - tls: - description: tls contains the additional configuration - options to use when Transport is set to "TLS". - properties: - caBundle: - description: "caBundle references a ConfigMap that - must contain either a single CA Certificate or - a CA Bundle. This allows cluster administrators - to provide their own CA or CA bundle for validating - the certificate of upstream resolvers. \n 1. The - configmap must contain a `ca-bundle.crt` key. - 2. The value must be a PEM encoded CA certificate - or CA bundle. 3. The administrator must create - this configmap in the openshift-config namespace. - 4. The upstream server certificate must contain - a Subject Alternative Name (SAN) that matches - ServerName." - properties: - name: - description: name is the metadata.name of the - referenced config map - type: string - required: - - name - type: object - serverName: - description: serverName is the upstream server to - connect to when forwarding DNS queries. This is - required when Transport is set to "TLS". ServerName - will be validated against the DNS naming conventions - in RFC 1123 and should match the TLS certificate - installed in the upstream resolver(s). - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - required: - - serverName - type: object - transport: - description: "transport allows cluster administrators - to opt-in to using a DNS-over-TLS connection between - cluster DNS and an upstream resolver(s). Configuring - TLS as the transport at this level without configuring - a CABundle will result in the system certificates - being used to verify the serving certificate of the - upstream resolver(s). \n Possible values: \"\" (empty) - - This means no explicit choice has been made and - the platform chooses the default which is subject - to change over time. The current default is \"Cleartext\". - \"Cleartext\" - Cluster admin specified cleartext - option. This results in the same functionality as - an empty value but may be useful when a cluster admin - wants to be more explicit about the transport, or - wants to switch from \"TLS\" to \"Cleartext\" explicitly. - \"TLS\" - This indicates that DNS queries should be - sent over a TLS connection. If Transport is set to - TLS, you MUST also set ServerName. If a port is not - included with the upstream IP, port 853 will be tried - by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1." - enum: - - TLS - - Cleartext - - "" - type: string - type: object - upstreams: - description: "upstreams is a list of resolvers to forward - name queries for subdomains of Zones. Each instance of - CoreDNS performs health checking of Upstreams. When a - healthy upstream returns an error during the exchange, - another resolver is tried from Upstreams. The Upstreams - are selected in the order specified in Policy. Each upstream - is represented by an IP address or IP:port if the upstream - listens on a port other than 53. \n A maximum of 15 upstreams - is allowed per ForwardPlugin." - items: - type: string - maxItems: 15 - type: array - type: object - name: - description: name is required and specifies a unique name for - the server. Name must comply with the Service Name Syntax - of rfc6335. - type: string - zones: - description: zones is required and specifies the subdomains - that Server is authoritative for. Zones must conform to the - rfc1123 definition of a subdomain. Specifying the cluster - domain (i.e., "cluster.local") is invalid. - items: - type: string - type: array - type: object - type: array - upstreamResolvers: - default: {} - description: "upstreamResolvers defines a schema for configuring CoreDNS - to proxy DNS messages to upstream resolvers for the case of the - default (\".\") server \n If this field is not specified, the upstream - used will default to /etc/resolv.conf, with policy \"sequential\"" - properties: - policy: - default: Sequential - description: "Policy is used to determine the order in which upstream - servers are selected for querying. Any one of the following - values may be specified: \n * \"Random\" picks a random upstream - server for each query. * \"RoundRobin\" picks upstream servers - in a round-robin order, moving to the next server for each new - query. * \"Sequential\" tries querying upstream servers in a - sequential order until one responds, starting with the first - server for each new query. \n The default value is \"Sequential\"" - enum: - - Random - - RoundRobin - - Sequential - type: string - protocolStrategy: - description: protocolStrategy specifies the protocol to use for - upstream DNS requests. Valid values for protocolStrategy are - "TCP" and omitted. When omitted, this means no opinion and the - platform is left to choose a reasonable default, which is subject - to change over time. The current default is to use the protocol - of the original client request. "TCP" specifies that the platform - should use TCP for all upstream DNS requests, even if the client - request uses UDP. "TCP" is useful for UDP-specific issues such - as those created by non-compliant upstream resolvers, but may - consume more bandwidth or increase DNS response time. Note that - protocolStrategy only affects the protocol of DNS requests that - CoreDNS makes to upstream resolvers. It does not affect the - protocol of DNS requests between clients and CoreDNS. - enum: - - TCP - - "" - type: string - transportConfig: - description: "transportConfig is used to configure the transport - type, server name, and optional custom CA or CA bundle to use - when forwarding DNS requests to an upstream resolver. \n The - default value is \"\" (empty) which results in a standard cleartext - connection being used when forwarding DNS requests to an upstream - resolver." - properties: - tls: - description: tls contains the additional configuration options - to use when Transport is set to "TLS". - properties: - caBundle: - description: "caBundle references a ConfigMap that must - contain either a single CA Certificate or a CA Bundle. - This allows cluster administrators to provide their - own CA or CA bundle for validating the certificate of - upstream resolvers. \n 1. The configmap must contain - a `ca-bundle.crt` key. 2. The value must be a PEM encoded - CA certificate or CA bundle. 3. The administrator must - create this configmap in the openshift-config namespace. - 4. The upstream server certificate must contain a Subject - Alternative Name (SAN) that matches ServerName." - properties: - name: - description: name is the metadata.name of the referenced - config map - type: string - required: - - name - type: object - serverName: - description: serverName is the upstream server to connect - to when forwarding DNS queries. This is required when - Transport is set to "TLS". ServerName will be validated - against the DNS naming conventions in RFC 1123 and should - match the TLS certificate installed in the upstream - resolver(s). - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - required: - - serverName - type: object - transport: - description: "transport allows cluster administrators to opt-in - to using a DNS-over-TLS connection between cluster DNS and - an upstream resolver(s). Configuring TLS as the transport - at this level without configuring a CABundle will result - in the system certificates being used to verify the serving - certificate of the upstream resolver(s). \n Possible values: - \"\" (empty) - This means no explicit choice has been made - and the platform chooses the default which is subject to - change over time. The current default is \"Cleartext\". - \"Cleartext\" - Cluster admin specified cleartext option. - This results in the same functionality as an empty value - but may be useful when a cluster admin wants to be more - explicit about the transport, or wants to switch from \"TLS\" - to \"Cleartext\" explicitly. \"TLS\" - This indicates that - DNS queries should be sent over a TLS connection. If Transport - is set to TLS, you MUST also set ServerName. If a port is - not included with the upstream IP, port 853 will be tried - by default per RFC 7858 section 3.1; https://datatracker.ietf.org/doc/html/rfc7858#section-3.1." - enum: - - TLS - - Cleartext - - "" - type: string - type: object - upstreams: - default: - - type: SystemResolvConf - description: "Upstreams is a list of resolvers to forward name - queries for the \".\" domain. Each instance of CoreDNS performs - health checking of Upstreams. When a healthy upstream returns - an error during the exchange, another resolver is tried from - Upstreams. The Upstreams are selected in the order specified - in Policy. \n A maximum of 15 upstreams is allowed per ForwardPlugin. - If no Upstreams are specified, /etc/resolv.conf is used by default" - items: - anyOf: - - not: - required: - - address - - port - properties: - type: - enum: - - "" - - SystemResolvConf - - optional: - - port - properties: - type: - enum: - - Network - required: - - address - description: "Upstream can either be of type SystemResolvConf, - or of type Network. \n - For an Upstream of type SystemResolvConf, - no further fields are necessary: The upstream will be configured - to use /etc/resolv.conf. - For an Upstream of type Network, - a NetworkResolver field needs to be defined with an IP address - or IP:port if the upstream listens on a port other than 53." - properties: - address: - anyOf: - - format: ipv4 - - format: ipv6 - description: Address must be defined when Type is set to - Network. It will be ignored otherwise. It must be a valid - ipv4 or ipv6 address. - type: string - port: - default: 53 - description: Port may be defined when Type is set to Network. - It will be ignored otherwise. Port must be between 65535 - format: int32 - maximum: 65535 - minimum: 1 - type: integer - type: - description: "Type defines whether this upstream contains - an IP/IP:port resolver or the local /etc/resolv.conf. - Type accepts 2 possible values: SystemResolvConf or Network. - \n * When SystemResolvConf is used, the Upstream structure - does not require any further fields to be defined: /etc/resolv.conf - will be used * When Network is used, the Upstream structure - must contain at least an Address" - enum: - - SystemResolvConf - - Network - - "" - type: string - required: - - type - type: object - maxItems: 15 - type: array - type: object - type: object - status: - description: status is the most recently observed status of the DNS. - properties: - clusterDomain: - description: "clusterDomain is the local cluster DNS domain suffix - for DNS services. This will be a subdomain as defined in RFC 1034, - section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: - \"cluster.local\" \n More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service" - type: string - clusterIP: - description: "clusterIP is the service IP through which this DNS is - made available. \n In the case of the default DNS, this will be - a well known IP that is used as the default nameserver for pods - that are using the default ClusterFirst DNS policy. \n In general, - this IP can be specified in a pod's spec.dnsConfig.nameservers list - or used explicitly when performing name resolution from within the - cluster. Example: dig foo.com @ \n More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - type: string - conditions: - description: "conditions provide information about the state of the - DNS on the cluster. \n These are the supported DNS conditions: \n - * Available - True if the following conditions are met: * DNS controller - daemonset is available. - False if any of those conditions are unsatisfied." - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - required: - - clusterDomain - - clusterIP - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml deleted file mode 100644 index d3f7ffec7dc..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml +++ /dev/null @@ -1,175 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/562 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: csisnapshotcontrollers.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: CSISnapshotController - listKind: CSISnapshotControllerList - plural: csisnapshotcontrollers - singular: csisnapshotcontroller - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "CSISnapshotController provides a means to configure an operator - to manage the CSI snapshots. `cluster` is the canonical name. \n Compatibility - level 1: Stable within a major release for a minimum of 12 months or 3 minor - releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config-CustomNoUpgrade.crd.yaml deleted file mode 100644 index c493e302c8d..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config-CustomNoUpgrade.crd.yaml +++ /dev/null @@ -1,395 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1453 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: machineconfigurations.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: MachineConfiguration - listKind: MachineConfigurationList - plural: machineconfigurations - singular: machineconfiguration - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "MachineConfiguration provides information to configure an operator - to manage Machine Configuration. \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Machine Config Operator - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managedBootImages: - description: managedBootImages allows configuration for the management - of boot images for machine resources within the cluster. This configuration - allows users to select resources that should be updated to the latest - boot images during cluster upgrades, ensuring that new machines - always boot with the current cluster version's boot image. When - omitted, no boot images will be updated. - properties: - machineManagers: - description: machineManagers can be used to register machine management - resources for boot image updates. The Machine Config Operator - will watch for changes to this list. Only one entry is permitted - per type of machine management resource. - items: - description: MachineManager describes a target machine resource - that is registered for boot image updates. It stores identifying - information such as the resource type and the API Group of - the resource. It also provides granular control via the selection - field. - properties: - apiGroup: - description: apiGroup is name of the APIGroup that the machine - management resource belongs to. The only current valid - value is machine.openshift.io. machine.openshift.io means - that the machine manager will only register resources - that belong to OpenShift machine API group. - enum: - - machine.openshift.io - type: string - resource: - description: resource is the machine management resource's - type. The only current valid value is machinesets. machinesets - means that the machine manager will only register resources - of the kind MachineSet. - enum: - - machinesets - type: string - selection: - description: selection allows granular control of the machine - management resources that will be registered for boot - image updates. - properties: - mode: - description: mode determines how machine managers will - be selected for updates. Valid values are All and - Partial. All means that every resource matched by - the machine manager will be updated. Partial requires - specified selector(s) and allows customisation of - which resources matched by the machine manager will - be updated. - enum: - - All - - Partial - type: string - partial: - description: partial provides label selector(s) that - can be used to match machine management resources. - Only permitted when mode is set to "Partial". - properties: - machineResourceSelector: - description: machineResourceSelector is a label - selector that can be used to select machine resources - like MachineSets. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - machineResourceSelector - type: object - required: - - mode - type: object - x-kubernetes-validations: - - message: Partial is required when type is partial, and - forbidden otherwise - rule: 'has(self.mode) && self.mode == ''Partial'' ? has(self.partial) - : !has(self.partial)' - required: - - apiGroup - - resource - - selection - type: object - type: array - x-kubernetes-list-map-keys: - - resource - - apiGroup - x-kubernetes-list-type: map - type: object - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the Machine - Config Operator - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. - items: - type: string - type: array - x-kubernetes-list-type: atomic - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - required: - - nodeName - type: object - type: array - x-kubernetes-list-map-keys: - - nodeName - x-kubernetes-list-type: map - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config-Default.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config-Default.crd.yaml deleted file mode 100644 index 8fd0c546df6..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config-Default.crd.yaml +++ /dev/null @@ -1,261 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1453 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: Default - name: machineconfigurations.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: MachineConfiguration - listKind: MachineConfigurationList - plural: machineconfigurations - singular: machineconfiguration - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "MachineConfiguration provides information to configure an operator - to manage Machine Configuration. \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Machine Config Operator - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the Machine - Config Operator - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. - items: - type: string - type: array - x-kubernetes-list-type: atomic - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - required: - - nodeName - type: object - type: array - x-kubernetes-list-map-keys: - - nodeName - x-kubernetes-list-type: map - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index af978be9510..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_80_machine-config-operator_01_config-TechPreviewNoUpgrade.crd.yaml +++ /dev/null @@ -1,395 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1453 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: machineconfigurations.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: MachineConfiguration - listKind: MachineConfigurationList - plural: machineconfigurations - singular: machineconfiguration - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "MachineConfiguration provides information to configure an operator - to manage Machine Configuration. \n Compatibility level 1: Stable within - a major release for a minimum of 12 months or 3 minor releases (whichever - is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the - Machine Config Operator - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why - you think it will work this time instead of failing again on the - same config. - type: string - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managedBootImages: - description: managedBootImages allows configuration for the management - of boot images for machine resources within the cluster. This configuration - allows users to select resources that should be updated to the latest - boot images during cluster upgrades, ensuring that new machines - always boot with the current cluster version's boot image. When - omitted, no boot images will be updated. - properties: - machineManagers: - description: machineManagers can be used to register machine management - resources for boot image updates. The Machine Config Operator - will watch for changes to this list. Only one entry is permitted - per type of machine management resource. - items: - description: MachineManager describes a target machine resource - that is registered for boot image updates. It stores identifying - information such as the resource type and the API Group of - the resource. It also provides granular control via the selection - field. - properties: - apiGroup: - description: apiGroup is name of the APIGroup that the machine - management resource belongs to. The only current valid - value is machine.openshift.io. machine.openshift.io means - that the machine manager will only register resources - that belong to OpenShift machine API group. - enum: - - machine.openshift.io - type: string - resource: - description: resource is the machine management resource's - type. The only current valid value is machinesets. machinesets - means that the machine manager will only register resources - of the kind MachineSet. - enum: - - machinesets - type: string - selection: - description: selection allows granular control of the machine - management resources that will be registered for boot - image updates. - properties: - mode: - description: mode determines how machine managers will - be selected for updates. Valid values are All and - Partial. All means that every resource matched by - the machine manager will be updated. Partial requires - specified selector(s) and allows customisation of - which resources matched by the machine manager will - be updated. - enum: - - All - - Partial - type: string - partial: - description: partial provides label selector(s) that - can be used to match machine management resources. - Only permitted when mode is set to "Partial". - properties: - machineResourceSelector: - description: machineResourceSelector is a label - selector that can be used to select machine resources - like MachineSets. - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - items: - description: A label selector requirement - is a selector that contains values, a key, - and an operator that relates the key and - values. - properties: - key: - description: key is the label key that - the selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. - If the operator is Exists or DoesNotExist, - the values array must be empty. This - array is replaced during a strategic - merge patch. - items: - type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is - "In", and the values array contains only "value". - The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - required: - - machineResourceSelector - type: object - required: - - mode - type: object - x-kubernetes-validations: - - message: Partial is required when type is partial, and - forbidden otherwise - rule: 'has(self.mode) && self.mode == ''Partial'' ? has(self.partial) - : !has(self.partial)' - required: - - apiGroup - - resource - - selection - type: object - type: array - x-kubernetes-list-map-keys: - - resource - - apiGroup - x-kubernetes-list-type: map - type: object - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the Machine - Config Operator - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedCount: - description: lastFailedCount is how often the installer pod - of the last failed revision failed. - type: integer - lastFailedReason: - description: lastFailedReason is a machine readable failure - reason string. - type: string - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of human readable - errors during the failed deployment referenced in lastFailedRevision. - items: - type: string - type: array - x-kubernetes-list-type: atomic - lastFailedTime: - description: lastFailedTime is the time the last failed revision - failed the last time. - format: date-time - type: string - lastFallbackCount: - description: lastFallbackCount is how often a fallback to a - previous revision happened. - type: integer - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - required: - - nodeName - type: object - type: array - x-kubernetes-list-map-keys: - - nodeName - x-kubernetes-list-type: map - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml deleted file mode 100644 index 2efda222d27..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml +++ /dev/null @@ -1,375 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/701 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: clustercsidrivers.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: ClusterCSIDriver - listKind: ClusterCSIDriverList - plural: clustercsidrivers - singular: clustercsidriver - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "ClusterCSIDriver object allows management and configuration - of a CSI driver operator installed by default in OpenShift. Name of the - object must be name of the CSI driver it operates. See CSIDriverName type - for list of allowed values. \n Compatibility level 1: Stable within a major - release for a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - properties: - name: - enum: - - ebs.csi.aws.com - - efs.csi.aws.com - - disk.csi.azure.com - - file.csi.azure.com - - filestore.csi.storage.gke.io - - pd.csi.storage.gke.io - - cinder.csi.openstack.org - - csi.vsphere.vmware.com - - manila.csi.openstack.org - - csi.ovirt.org - - csi.kubevirt.io - - csi.sharedresource.openshift.io - - diskplugin.csi.alibabacloud.com - - vpc.block.csi.ibm.io - - powervs.csi.ibm.com - - secrets-store.csi.k8s.io - - smb.csi.k8s.io - type: string - type: object - spec: - description: spec holds user settable values for configuration - properties: - driverConfig: - description: driverConfig can be used to specify platform specific - driver configuration. When omitted, this means no opinion and the - platform is left to choose reasonable defaults. These defaults are - subject to change over time. - properties: - aws: - description: aws is used to configure the AWS CSI driver. - properties: - kmsKeyARN: - description: kmsKeyARN sets the cluster default storage class - to encrypt volumes with a user-defined KMS key, rather than - the default KMS key used by AWS. The value may be either - the ARN or Alias ARN of a KMS key. - pattern: ^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b|aws-iso-e|aws-iso-f):kms:[a-z0-9-]+:[0-9]{12}:(key|alias)\/.*$ - type: string - type: object - azure: - description: azure is used to configure the Azure CSI driver. - properties: - diskEncryptionSet: - description: diskEncryptionSet sets the cluster default storage - class to encrypt volumes with a customer-managed encryption - set, rather than the default platform-managed keys. - properties: - name: - description: name is the name of the disk encryption set - that will be set on the default storage class. The value - should consist of only alphanumberic characters, underscores - (_), hyphens, and be at most 80 characters in length. - maxLength: 80 - pattern: ^[a-zA-Z0-9\_-]+$ - type: string - resourceGroup: - description: resourceGroup defines the Azure resource - group that contains the disk encryption set. The value - should consist of only alphanumberic characters, underscores - (_), parentheses, hyphens and periods. The value should - not end in a period and be at most 90 characters in - length. - maxLength: 90 - pattern: ^[\w\.\-\(\)]*[\w\-\(\)]$ - type: string - subscriptionID: - description: 'subscriptionID defines the Azure subscription - that contains the disk encryption set. The value should - meet the following conditions: 1. It should be a 128-bit - number. 2. It should be 36 characters (32 hexadecimal - characters and 4 hyphens) long. 3. It should be displayed - in five groups separated by hyphens (-). 4. The first - group should be 8 characters long. 5. The second, third, - and fourth groups should be 4 characters long. 6. The - fifth group should be 12 characters long. An Example - SubscrionID: f2007bbf-f802-4a47-9336-cf7c6b89b378' - maxLength: 36 - pattern: ^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$ - type: string - required: - - name - - resourceGroup - - subscriptionID - type: object - type: object - driverType: - description: 'driverType indicates type of CSI driver for which - the driverConfig is being applied to. Valid values are: AWS, - Azure, GCP, IBMCloud, vSphere and omitted. Consumers should - treat unknown values as a NO-OP.' - enum: - - "" - - AWS - - Azure - - GCP - - IBMCloud - - vSphere - type: string - gcp: - description: gcp is used to configure the GCP CSI driver. - properties: - kmsKey: - description: kmsKey sets the cluster default storage class - to encrypt volumes with customer-supplied encryption keys, - rather than the default keys managed by GCP. - properties: - keyRing: - description: keyRing is the name of the KMS Key Ring which - the KMS Key belongs to. The value should correspond - to an existing KMS key ring and should consist of only - alphanumeric characters, hyphens (-) and underscores - (_), and be at most 63 characters in length. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9\_-]+$ - type: string - location: - description: location is the GCP location in which the - Key Ring exists. The value must match an existing GCP - location, or "global". Defaults to global, if not set. - pattern: ^[a-zA-Z0-9\_-]+$ - type: string - name: - description: name is the name of the customer-managed - encryption key to be used for disk encryption. The value - should correspond to an existing KMS key and should - consist of only alphanumeric characters, hyphens (-) - and underscores (_), and be at most 63 characters in - length. - maxLength: 63 - minLength: 1 - pattern: ^[a-zA-Z0-9\_-]+$ - type: string - projectID: - description: projectID is the ID of the Project in which - the KMS Key Ring exists. It must be 6 to 30 lowercase - letters, digits, or hyphens. It must start with a letter. - Trailing hyphens are prohibited. - maxLength: 30 - minLength: 6 - pattern: ^[a-z][a-z0-9-]+[a-z0-9]$ - type: string - required: - - keyRing - - name - - projectID - type: object - type: object - ibmcloud: - description: ibmcloud is used to configure the IBM Cloud CSI driver. - properties: - encryptionKeyCRN: - description: encryptionKeyCRN is the IBM Cloud CRN of the - customer-managed root key to use for disk encryption of - volumes for the default storage classes. - maxLength: 154 - minLength: 144 - pattern: ^crn:v[0-9]+:bluemix:(public|private):(kms|hs-crypto):[a-z-]+:a/[0-9a-f]+:[0-9a-f-]{36}:key:[0-9a-f-]{36}$ - type: string - required: - - encryptionKeyCRN - type: object - vSphere: - description: vsphere is used to configure the vsphere CSI driver. - properties: - topologyCategories: - description: topologyCategories indicates tag categories with - which vcenter resources such as hostcluster or datacenter - were tagged with. If cluster Infrastructure object has a - topology, values specified in Infrastructure object will - be used and modifications to topologyCategories will be - rejected. - items: - type: string - type: array - type: object - required: - - driverType - type: object - x-kubernetes-validations: - - message: ibmcloud must be set if driverType is 'IBMCloud', but remain - unset otherwise - rule: 'has(self.driverType) && self.driverType == ''IBMCloud'' ? - has(self.ibmcloud) : !has(self.ibmcloud)' - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - storageClassState: - description: StorageClassState determines if CSI operator should create - and manage storage classes. If this field value is empty or Managed - - CSI operator will continuously reconcile storage class and create - if necessary. If this field value is Unmanaged - CSI operator will - not reconcile any previously created storage class. If this field - value is Removed - CSI operator will delete the storage class it - created previously. When omitted, this means the user has no opinion - and the platform chooses a reasonable default, which is subject - to change over time. The current default behaviour is Managed. - enum: - - "" - - Managed - - Unmanaged - - Removed - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/00_console-operator.crd.yaml b/vendor/github.com/openshift/api/operator/v1/00_console-operator.crd.yaml deleted file mode 100644 index 4c0519ab36e..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/00_console-operator.crd.yaml +++ /dev/null @@ -1,643 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/486 - api.openshift.io/merged-by-featuregates: "true" - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: consoles.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: Console - listKind: ConsoleList - plural: consoles - singular: console - scope: Cluster - versions: - - name: v1 - schema: - openAPIV3Schema: - description: "Console provides a means to configure an operator to manage - the console. \n Compatibility level 1: Stable within a major release for - a minimum of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsoleSpec is the specification of the desired behavior - of the Console. - properties: - customization: - description: customization is used to optionally provide a small set - of customization options to the web console. - properties: - addPage: - description: addPage allows customizing actions on the Add page - in developer perspective. - properties: - disabledActions: - description: disabledActions is a list of actions that are - not shown to users. Each action in the list is represented - by its ID. - items: - type: string - minItems: 1 - type: array - type: object - brand: - description: brand is the default branding of the web console - which can be overridden by providing the brand field. There - is a limited set of specific brand options. This field controls - elements of the console such as the logo. Invalid value will - prevent a console rollout. - enum: - - openshift - - okd - - online - - ocp - - dedicated - - azure - - OpenShift - - OKD - - Online - - OCP - - Dedicated - - Azure - - ROSA - type: string - customLogoFile: - description: 'customLogoFile replaces the default OpenShift logo - in the masthead and about dialog. It is a reference to a ConfigMap - in the openshift-config namespace. This can be created with - a command like ''oc create configmap custom-logo --from-file=/path/to/file - -n openshift-config''. Image size must be less than 1 MB due - to constraints on the ConfigMap size. The ConfigMap key should - include a file extension so that the console serves the file - with the correct MIME type. Recommended logo specifications: - Dimensions: Max height of 68px and max width of 200px SVG format - preferred' - properties: - key: - description: Key allows pointing to a specific key/value inside - of the configmap. This is useful for logical file references. - type: string - name: - type: string - type: object - customProductName: - description: customProductName is the name that will be displayed - in page titles, logo alt text, and the about dialog instead - of the normal OpenShift product name. - type: string - developerCatalog: - description: developerCatalog allows to configure the shown developer - catalog categories (filters) and types (sub-catalogs). - properties: - categories: - description: categories which are shown in the developer catalog. - items: - description: DeveloperConsoleCatalogCategory for the developer - console catalog. - properties: - id: - description: ID is an identifier used in the URL to - enable deep linking in console. ID is required and - must have 1-32 URL safe (A-Z, a-z, 0-9, - and _) characters. - maxLength: 32 - minLength: 1 - pattern: ^[A-Za-z0-9-_]+$ - type: string - label: - description: label defines a category display label. - It is required and must have 1-64 characters. - maxLength: 64 - minLength: 1 - type: string - subcategories: - description: subcategories defines a list of child categories. - items: - description: DeveloperConsoleCatalogCategoryMeta are - the key identifiers of a developer catalog category. - properties: - id: - description: ID is an identifier used in the URL - to enable deep linking in console. ID is required - and must have 1-32 URL safe (A-Z, a-z, 0-9, - - and _) characters. - maxLength: 32 - minLength: 1 - pattern: ^[A-Za-z0-9-_]+$ - type: string - label: - description: label defines a category display - label. It is required and must have 1-64 characters. - maxLength: 64 - minLength: 1 - type: string - tags: - description: tags is a list of strings that will - match the category. A selected category show - all items which has at least one overlapping - tag between category and item. - items: - type: string - type: array - required: - - id - - label - type: object - type: array - tags: - description: tags is a list of strings that will match - the category. A selected category show all items which - has at least one overlapping tag between category - and item. - items: - type: string - type: array - required: - - id - - label - type: object - type: array - types: - description: types allows enabling or disabling of sub-catalog - types that user can see in the Developer catalog. When omitted, - all the sub-catalog types will be shown. - properties: - disabled: - description: 'disabled is a list of developer catalog - types (sub-catalogs IDs) that are not shown to users. - Types (sub-catalogs) are added via console plugins, - the available types (sub-catalog IDs) are available - in the console on the cluster configuration page, or - when editing the YAML in the console. Example: "Devfile", - "HelmChart", "BuilderImage" If the list is empty or - all the available sub-catalog types are added, then - the complete developer catalog should be hidden.' - items: - type: string - type: array - x-kubernetes-list-type: set - enabled: - description: 'enabled is a list of developer catalog types - (sub-catalogs IDs) that will be shown to users. Types - (sub-catalogs) are added via console plugins, the available - types (sub-catalog IDs) are available in the console - on the cluster configuration page, or when editing the - YAML in the console. Example: "Devfile", "HelmChart", - "BuilderImage" If the list is non-empty, a new type - will not be shown to the user until it is added to list. - If the list is empty the complete developer catalog - will be shown.' - items: - type: string - type: array - x-kubernetes-list-type: set - state: - default: Enabled - description: state defines if a list of catalog types - should be enabled or disabled. - enum: - - Enabled - - Disabled - type: string - required: - - state - type: object - x-kubernetes-validations: - - message: enabled is forbidden when state is not Enabled - rule: 'self.state == ''Enabled'' ? true : !has(self.enabled)' - - message: disabled is forbidden when state is not Disabled - rule: 'self.state == ''Disabled'' ? true : !has(self.disabled)' - type: object - documentationBaseURL: - description: documentationBaseURL links to external documentation - are shown in various sections of the web console. Providing - documentationBaseURL will override the default documentation - URL. Invalid value will prevent a console rollout. - pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))\/$ - type: string - perspectives: - description: perspectives allows enabling/disabling of perspective(s) - that user can see in the Perspective switcher dropdown. - items: - description: Perspective defines a perspective that cluster - admins want to show/hide in the perspective switcher dropdown - properties: - id: - description: 'id defines the id of the perspective. Example: - "dev", "admin". The available perspective ids can be found - in the code snippet section next to the yaml editor. Incorrect - or unknown ids will be ignored.' - type: string - pinnedResources: - description: pinnedResources defines the list of default - pinned resources that users will see on the perspective - navigation if they have not customized these pinned resources - themselves. The list of available Kubernetes resources - could be read via `kubectl api-resources`. The console - will also provide a configuration UI and a YAML snippet - that will list the available resources that can be pinned - to the navigation. Incorrect or unknown resources will - be ignored. - items: - description: PinnedResourceReference includes the group, - version and type of resource - properties: - group: - description: 'group is the API Group of the Resource. - Enter empty string for the core group. This value - should consist of only lowercase alphanumeric characters, - hyphens and periods. Example: "", "apps", "build.openshift.io", - etc.' - pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ - type: string - resource: - description: 'resource is the type that is being referenced. - It is normally the plural form of the resource kind - in lowercase. This value should consist of only - lowercase alphanumeric characters and hyphens. Example: - "deployments", "deploymentconfigs", "pods", etc.' - pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ - type: string - version: - description: 'version is the API Version of the Resource. - This value should consist of only lowercase alphanumeric - characters. Example: "v1", "v1beta1", etc.' - pattern: ^[a-z0-9]+$ - type: string - required: - - group - - resource - - version - type: object - maxItems: 100 - type: array - visibility: - description: visibility defines the state of perspective - along with access review checks if needed for that perspective. - properties: - accessReview: - description: accessReview defines required and missing - access review checks. - minProperties: 1 - properties: - missing: - description: missing defines a list of permission - checks. The perspective will only be shown when - at least one check fails. When omitted, the access - review is skipped and the perspective will not - be shown unless it is required to do so based - on the configuration of the required access review - list. - items: - description: ResourceAttributes includes the authorization - attributes available for resource requests to - the Authorizer interface - properties: - group: - description: Group is the API Group of the - Resource. "*" means all. - type: string - name: - description: Name is the name of the resource - being requested for a "get" or deleted for - a "delete". "" (empty) means all. - type: string - namespace: - description: Namespace is the namespace of - the action being requested. Currently, - there is no distinction between no namespace - and all namespaces "" (empty) is defaulted - for LocalSubjectAccessReviews "" (empty) - is empty for cluster-scoped resources "" - (empty) means "all" for namespace scoped - resources from a SubjectAccessReview or - SelfSubjectAccessReview - type: string - resource: - description: Resource is one of the existing - resource types. "*" means all. - type: string - subresource: - description: Subresource is one of the existing - resource types. "" means none. - type: string - verb: - description: 'Verb is a kubernetes resource - API verb, like: get, list, watch, create, - update, delete, proxy. "*" means all.' - type: string - version: - description: Version is the API Version of - the Resource. "*" means all. - type: string - type: object - type: array - required: - description: required defines a list of permission - checks. The perspective will only be shown when - all checks are successful. When omitted, the access - review is skipped and the perspective will not - be shown unless it is required to do so based - on the configuration of the missing access review - list. - items: - description: ResourceAttributes includes the authorization - attributes available for resource requests to - the Authorizer interface - properties: - group: - description: Group is the API Group of the - Resource. "*" means all. - type: string - name: - description: Name is the name of the resource - being requested for a "get" or deleted for - a "delete". "" (empty) means all. - type: string - namespace: - description: Namespace is the namespace of - the action being requested. Currently, - there is no distinction between no namespace - and all namespaces "" (empty) is defaulted - for LocalSubjectAccessReviews "" (empty) - is empty for cluster-scoped resources "" - (empty) means "all" for namespace scoped - resources from a SubjectAccessReview or - SelfSubjectAccessReview - type: string - resource: - description: Resource is one of the existing - resource types. "*" means all. - type: string - subresource: - description: Subresource is one of the existing - resource types. "" means none. - type: string - verb: - description: 'Verb is a kubernetes resource - API verb, like: get, list, watch, create, - update, delete, proxy. "*" means all.' - type: string - version: - description: Version is the API Version of - the Resource. "*" means all. - type: string - type: object - type: array - type: object - state: - description: state defines the perspective is enabled - or disabled or access review check is required. - enum: - - Enabled - - Disabled - - AccessReview - type: string - required: - - state - type: object - x-kubernetes-validations: - - message: accessReview configuration is required when state - is AccessReview, and forbidden otherwise - rule: 'self.state == ''AccessReview'' ? has(self.accessReview) - : !has(self.accessReview)' - required: - - id - - visibility - type: object - x-kubernetes-validations: - - message: pinnedResources is allowed only for dev and forbidden - for other perspectives - rule: 'has(self.id) && self.id != ''dev''? !has(self.pinnedResources) - : true' - type: array - x-kubernetes-list-map-keys: - - id - x-kubernetes-list-type: map - projectAccess: - description: projectAccess allows customizing the available list - of ClusterRoles in the Developer perspective Project access - page which can be used by a project admin to specify roles to - other users and restrict access within the project. If set, - the list will replace the default ClusterRole options. - properties: - availableClusterRoles: - description: availableClusterRoles is the list of ClusterRole - names that are assignable to users through the project access - tab. - items: - type: string - type: array - type: object - quickStarts: - description: quickStarts allows customization of available ConsoleQuickStart - resources in console. - properties: - disabled: - description: disabled is a list of ConsoleQuickStart resource - names that are not shown to users. - items: - type: string - type: array - type: object - type: object - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - plugins: - description: plugins defines a list of enabled console plugin names. - items: - type: string - type: array - providers: - description: providers contains configuration for using specific service - providers. - properties: - statuspage: - description: statuspage contains ID for statuspage.io page that - provides status info about. - properties: - pageID: - description: pageID is the unique ID assigned by Statuspage - for your page. This must be a public page. - type: string - type: object - type: object - route: - description: route contains hostname and secret reference that contains - the serving certificate. If a custom route is specified, a new route - will be created with the provided hostname, under which console - will be available. In case of custom hostname uses the default routing - suffix of the cluster, the Secret specification for a serving certificate - will not be needed. In case of custom hostname points to an arbitrary - domain, manual DNS configurations steps are necessary. The default - console route will be maintained to reserve the default hostname - for console if the custom route is removed. If not specified, default - route will be used. DEPRECATED - properties: - hostname: - description: hostname is the desired custom domain under which - console will be available. - type: string - secret: - description: 'secret points to secret in the openshift-config - namespace that contains custom certificate and key and needs - to be created manually by the cluster admin. Referenced Secret - is required to contain following key value pairs: - "tls.crt" - - to specifies custom certificate - "tls.key" - to specifies - private key of the custom certificate If the custom hostname - uses the default routing suffix of the cluster, the Secret specification - for a serving certificate will not be needed.' - properties: - name: - description: name is the metadata.name of the referenced secret - type: string - required: - - name - type: object - type: object - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: ConsoleStatus defines the observed status of the Console. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/custom.etcd.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/custom.etcd.testsuite.yaml deleted file mode 100644 index a414ac1cb45..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/custom.etcd.testsuite.yaml +++ /dev/null @@ -1,62 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Custom] Etcd" -crd: 0000_12_etcd-operator_01_config-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create with Standard hardware speed - initial: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - controlPlaneHardwareSpeed: Standard - expected: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - logLevel: Normal - operatorLogLevel: Normal - controlPlaneHardwareSpeed: Standard - - name: Should be able to create with Slower hardware speed - initial: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - controlPlaneHardwareSpeed: Slower - expected: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - logLevel: Normal - operatorLogLevel: Normal - controlPlaneHardwareSpeed: Slower - onUpdate: - - name: Should be able to create with Standard, then set to Slower - initial: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - controlPlaneHardwareSpeed: Standard - updated: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - controlPlaneHardwareSpeed: Slower - expected: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - logLevel: Normal - operatorLogLevel: Normal - controlPlaneHardwareSpeed: Slower - - name: Should not be allowed to try to set invalid hardware speed - initial: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - controlPlaneHardwareSpeed: Standard - updated: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - controlPlaneHardwareSpeed: foo - expectedError: Unsupported value diff --git a/vendor/github.com/openshift/api/operator/v1/custom.machineconfiguration.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/custom.machineconfiguration.testsuite.yaml deleted file mode 100644 index 529b436ba2c..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/custom.machineconfiguration.testsuite.yaml +++ /dev/null @@ -1,117 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[CustomNoUpgrade] MachineConfiguration" -crd: 0000_80_machine-config-operator_01_config-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal MachineConfiguration - initial: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: {} # No spec is required for a MachineConfiguration - expected: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - logLevel: Normal - operatorLogLevel: Normal - - name: Should be able to create an empty ManagedBootImages configuration knob - initial: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - managedBootImages: - machineManagers: [] - expected: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - logLevel: Normal - operatorLogLevel: Normal - managedBootImages: - machineManagers: [] - - name: Should be able to create a ManagedBootImages configuration knob that opts in all MachineSets - initial: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - managedBootImages: - machineManagers: - - resource: machinesets - apiGroup: machine.openshift.io - selection: - mode: All - expected: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - logLevel: Normal - operatorLogLevel: Normal - managedBootImages: - machineManagers: - - resource: machinesets - apiGroup: machine.openshift.io - selection: - mode: All - - name: Should be able to create a ManagedBootImages configuration knob that opts in MachineSets in partial mode - initial: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - managedBootImages: - machineManagers: - - resource: machinesets - apiGroup: machine.openshift.io - selection: - mode: Partial - partial: - machineResourceSelector: - matchLabels: {} - expected: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - logLevel: Normal - operatorLogLevel: Normal - managedBootImages: - machineManagers: - - resource: machinesets - apiGroup: machine.openshift.io - selection: - mode: Partial - partial: - machineResourceSelector: - matchLabels: {} - - name: Should not be able to add partial field if machineManager.selection.mode is not set to Partial - initial: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - managedBootImages: - machineManagers: - - resource: machinesets - apiGroup: machine.openshift.io - selection: - mode: All - partial: - machineResourceSelector: - matchLabels: {} - expectedError: "Partial is required when type is partial, and forbidden otherwise" - - name: Only one unique pair of resource/apigroup is allowed in machineManagers - initial: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - managedBootImages: - machineManagers: - - resource: machinesets - apiGroup: machine.openshift.io - selection: - mode: Partial - partial: - machineResourceSelector: - matchLabels: {} - - resource: machinesets - apiGroup: machine.openshift.io - selection: - mode: All - expectedError: "spec.managedBootImages.machineManagers[1]: Duplicate value: map[string]interface {}{\"apiGroup\":\"machine.openshift.io\", \"resource\":\"machinesets\"}" diff --git a/vendor/github.com/openshift/api/operator/v1/stable.authentication.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.authentication.testsuite.yaml deleted file mode 100644 index 8ec1f66501c..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.authentication.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Authentication" -crd: 0000_50_cluster-authentication-operator_01_config.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Authentication - initial: | - apiVersion: operator.openshift.io/v1 - kind: Authentication - spec: {} # No spec is required for a Authentication - expected: | - apiVersion: operator.openshift.io/v1 - kind: Authentication - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.cloudcredential.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.cloudcredential.testsuite.yaml deleted file mode 100644 index fa3c34bff66..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.cloudcredential.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] CloudCredential" -crd: 0000_40_cloud-credential-operator_00_config.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal CloudCredential - initial: | - apiVersion: operator.openshift.io/v1 - kind: CloudCredential - spec: {} # No spec is required for a CloudCredential - expected: | - apiVersion: operator.openshift.io/v1 - kind: CloudCredential - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.clustercsidriver.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.clustercsidriver.testsuite.yaml deleted file mode 100644 index 7a159da8605..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.clustercsidriver.testsuite.yaml +++ /dev/null @@ -1,41 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ClusterCSIDriver" -crd: 0000_90_cluster_csi_driver_01_config.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ClusterCSIDriver - initial: | - apiVersion: operator.openshift.io/v1 - kind: ClusterCSIDriver - metadata: - name: csi.sharedresource.openshift.io - spec: {} # No spec is required for a ClusterCSIDriver - expected: | - apiVersion: operator.openshift.io/v1 - kind: ClusterCSIDriver - metadata: - name: csi.sharedresource.openshift.io - spec: - logLevel: Normal - operatorLogLevel: Normal - - name: IBM Cloud CSIDriverType must have a defined IBM Cloud spec - initial: | - apiVersion: operator.openshift.io/v1 - kind: ClusterCSIDriver - metadata: - name: csi.sharedresource.openshift.io - spec: - driverConfig: - driverType: IBMCloud - expectedError: "Invalid value: \"object\": ibmcloud must be set if driverType is 'IBMCloud', but remain unset otherwise" - - name: IBM Cloud spec must have an EncryptionKeyCRN defined - initial: | - apiVersion: operator.openshift.io/v1 - kind: ClusterCSIDriver - metadata: - name: csi.sharedresource.openshift.io - spec: - driverConfig: - driverType: IBMCloud - ibmcloud: {} - expectedError: "spec.driverConfig.ibmcloud.encryptionKeyCRN: Required value, : Invalid value: \"null\": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation" diff --git a/vendor/github.com/openshift/api/operator/v1/stable.config.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.config.testsuite.yaml deleted file mode 100644 index e3708dd00d0..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.config.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Config" -crd: 0000_10_config-operator_01_config.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Config - initial: | - apiVersion: operator.openshift.io/v1 - kind: Config - spec: {} # No spec is required for a Config - expected: | - apiVersion: operator.openshift.io/v1 - kind: Config - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml deleted file mode 100644 index 065d490e45f..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.console.testsuite.yaml +++ /dev/null @@ -1,157 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Console" -crd: 00_console-operator.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Console - initial: | - apiVersion: operator.openshift.io/v1 - kind: Console - spec: {} # No spec is required for a Console - expected: | - apiVersion: operator.openshift.io/v1 - kind: Console - spec: - logLevel: Normal - operatorLogLevel: Normal - - name: Should be able to customize perspectives - initial: | - apiVersion: operator.openshift.io/v1 - kind: Console - spec: - customization: - perspectives: - - id: dev - visibility: - state: Enabled - - id: admin - visibility: - state: Disabled - expected: | - apiVersion: operator.openshift.io/v1 - kind: Console - spec: - logLevel: Normal - operatorLogLevel: Normal - customization: - perspectives: - - id: dev - visibility: - state: Enabled - - id: admin - visibility: - state: Disabled - - name: Should throw an error for incorrect value of state in perspectives - initial: | - apiVersion: operator.openshift.io/v1 - kind: Console - spec: - customization: - perspectives: - - id: dev - visibility: - state: Enables - expectedError: "spec.customization.perspectives[0].visibility.state: Unsupported value: \"Enables\": supported values: \"Enabled\", \"Disabled\", \"AccessReview\"" - - name: Should be able to add pinned resources to a perspective - initial: | - apiVersion: operator.openshift.io/v1 - kind: Console - spec: - customization: - perspectives: - - id: dev - visibility: - state: Enabled - pinnedResources: - - group: "" - resource: configmaps - version: v1 - expected: | - apiVersion: operator.openshift.io/v1 - kind: Console - spec: - logLevel: Normal - operatorLogLevel: Normal - customization: - perspectives: - - id: dev - visibility: - state: Enabled - pinnedResources: - - group: "" - resource: configmaps - version: v1 - - name: Should not be able to add pinned resources to "admin" perspective - initial: | - apiVersion: operator.openshift.io/v1 - kind: Console - spec: - customization: - perspectives: - - id: admin - visibility: - state: Enabled - pinnedResources: - - group: "" - resource: configmaps - version: v1 - expectedError: "pinnedResources is allowed only for dev and forbidden for other perspectives" - - name: Should throw an error if "group" is missing from the pinnedResources - initial: | - apiVersion: operator.openshift.io/v1 - kind: Console - spec: - customization: - perspectives: - - id: dev - visibility: - state: Enabled - pinnedResources: - - resource: configmaps - version: v1 - expectedError: "spec.customization.perspectives[0].pinnedResources[0].group: Required value" - - name: Should throw an error if the value of "version" in the pinnedResources doesnot match the required regex - initial: | - apiVersion: operator.openshift.io/v1 - kind: Console - spec: - customization: - perspectives: - - id: dev - visibility: - state: Enabled - pinnedResources: - - group: "" - resource: configmaps - version: v' - expectedError: "spec.customization.perspectives[0].pinnedResources[0].version in body should match '^[a-z0-9]+$'" - - name: Should throw an error if the value of "group" in the pinnedResources doesnot match the required regex - initial: | - apiVersion: operator.openshift.io/v1 - kind: Console - spec: - customization: - perspectives: - - id: dev - visibility: - state: Enabled - pinnedResources: - - group: .apps. - resource: deployments - version: v1 - expectedError: "spec.customization.perspectives[0].pinnedResources[0].group in body should match '^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$'" - - name: Should throw an error if the value of "resource" in the pinnedResources doesnot match the required regex - initial: | - apiVersion: operator.openshift.io/v1 - kind: Console - spec: - customization: - perspectives: - - id: dev - visibility: - state: Enabled - pinnedResources: - - group: apps - resource: Deployment - version: v1 - expectedError: "spec.customization.perspectives[0].pinnedResources[0].resource in body should match '^[a-z0-9]([-a-z0-9]*[a-z0-9])?$'" diff --git a/vendor/github.com/openshift/api/operator/v1/stable.csisnapshotcontroller.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.csisnapshotcontroller.testsuite.yaml deleted file mode 100644 index f87e08121e4..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.csisnapshotcontroller.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] CSISnapshotController" -crd: 0000_80_csi_snapshot_controller_operator_01_crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal CSISnapshotController - initial: | - apiVersion: operator.openshift.io/v1 - kind: CSISnapshotController - spec: {} # No spec is required for a CSISnapshotController - expected: | - apiVersion: operator.openshift.io/v1 - kind: CSISnapshotController - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.dns.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.dns.testsuite.yaml deleted file mode 100644 index 1f2def70cf7..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.dns.testsuite.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] DNS" -crd: 0000_70_dns-operator_00.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal DNS - initial: | - apiVersion: operator.openshift.io/v1 - kind: DNS - spec: {} # No spec is required for a DNS - expected: | - apiVersion: operator.openshift.io/v1 - kind: DNS - spec: - logLevel: Normal - operatorLogLevel: Normal - upstreamResolvers: - policy: Sequential - upstreams: - - port: 53 - type: SystemResolvConf diff --git a/vendor/github.com/openshift/api/operator/v1/stable.etcd.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.etcd.testsuite.yaml deleted file mode 100644 index ba4b2bc469b..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.etcd.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Etcd" -crd: 0000_12_etcd-operator_01_config-Default.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Etcd - initial: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: {} # No spec is required for a Etcd - expected: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml deleted file mode 100644 index 903d8e60c54..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.ingresscontroller.testsuite.yaml +++ /dev/null @@ -1,478 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] IngressController" -crd: 0000_50_ingress-operator_00-ingresscontroller.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal IngressController - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - spec: {} # No spec is required for a IngressController - expected: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - spec: - httpEmptyRequestsPolicy: Respond - - name: Should be able to create an IngressController with valid Actions - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - spec: - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - - name: X-Cache-Info - action: - type: Set - set: - value: "not cacheable; meta data too large" - - name: X-XSS-Protection - action: - type: Delete - - name: X-Source - action: - type: Set - set: - value: "%[res.hdr(X-Value),lower]" - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,base64]" - - name: Content-Language - action: - type: Delete - - name: X-Target - action: - type: Set - set: - value: "%[req.hdr(host),lower]" - - name: X-Conditional - action: - type: Set - set: - value: "%[req.hdr(Host)] if foo" - - name: X-Condition - action: - type: Set - set: - value: "%[req.hdr(Host)]\ if\ foo" - expected: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - spec: - httpEmptyRequestsPolicy: Respond - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - - name: X-Cache-Info - action: - type: Set - set: - value: "not cacheable; meta data too large" - - name: X-XSS-Protection - action: - type: Delete - - name: X-Source - action: - type: Set - set: - value: "%[res.hdr(X-Value),lower]" - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,base64]" - - name: Content-Language - action: - type: Delete - - name: X-Target - action: - type: Set - set: - value: "%[req.hdr(host),lower]" - - name: X-Conditional - action: - type: Set - set: - value: "%[req.hdr(Host)] if foo" - - name: X-Condition - action: - type: Set - set: - value: "%[req.hdr(Host)]\ if\ foo" - - name: Should not allow to set/delete HSTS header. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-hsts - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - - name: Strict-Transport-Security - action: - type: Delete - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: Content-Language - action: - type: Delete - expectedError: "strict-transport-security header may not be modified via header actions" - - name: Should not allow to set/delete Proxy header. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-hsts - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - request: - - name: Proxy - action: - type: Set - set: - value: example.xyz - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: Content-Language - action: - type: Delete - expectedError: "proxy header may not be modified via header actions" - - name: Should not allow to set/delete Host header. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-hsts - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - request: - - name: Host - action: - type: Set - set: - value: example.xyz - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: Content-Language - action: - type: Delete - expectedError: "host header may not be modified via header actions" - - name: Should not allow to set/delete cookie header. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-hsts - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - request: - - name: Cookie - action: - type: Set - set: - value: "PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1" - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: Content-Language - action: - type: Delete - expectedError: "cookie header may not be modified via header actions" - - name: Should not allow to set/delete set-cookie header. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-hsts - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - response: - - name: Set-Cookie - action: - type: Set - set: - value: "sessionId=e8bb43229de9; Domain=foo.example.com" - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: Content-Language - action: - type: Delete - expectedError: "set-cookie header may not be modified via header actions" - - name: Should not allow to set/delete dynamic headers with unclosed braces. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-unclosed-braces - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: Content-Language - action: - type: Delete - - name: expires - action: - type: Set - set: - value: "%[req.hdr(host),lower" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set dynamic response header values with not allowed sample fetchers. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-not-allowed-values - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - - name: X-Target - action: - type: Set - set: - value: "%[req.hdrs(host),lower]" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow empty value in response. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-not-allowed-values - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: - expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' - - name: Should not allow empty value in request. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-not-allowed-values - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - request: - - name: X-Frame-Options - action: - type: Set - set: - value: - expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.request[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' - - name: Should not allow to set dynamic response header values with not allowed converters. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-not-allowed-values - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - - name: X-Source - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,bogus]" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set dynamic request header values containing sample fetcher res.hdr. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-not-allowed-values - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - request: - - name: X-Target - action: - type: Set - set: - value: "%[res.hdr(X-Value),lower]" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set dynamic response headers value containing sample fetcher req.hdr. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-not-allowed-values - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - response: - - name: X-Source - action: - type: Set - set: - value: "%[req.hdr(host),lower]" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set dynamic request header values with not allowed converters. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-not-allowed-values - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - request: - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,hello]" - - name: Content-Language - action: - type: Delete - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set dynamic request header values with not allowed sample fetchers. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-not-allowed-values - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - request: - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der1234,base64]" - - name: Content-Language - action: - type: Delete - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should be required to specify the set field when the discriminant type is Set. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - spec: - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - expectedError: "set is required when type is Set, and forbidden otherwise" - - name: Should be able to add set field only when discriminant type is Set. - initial: | - apiVersion: operator.openshift.io/v1 - kind: IngressController - metadata: - name: default-not-allowed-values - namespace: openshift-ingress-operator - spec: - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - set: - value: DENY - expectedError: 'IngressController.operator.openshift.io "default-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.type: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' diff --git a/vendor/github.com/openshift/api/operator/v1/stable.insightsoperator.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.insightsoperator.testsuite.yaml deleted file mode 100644 index f17d7ae26c9..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.insightsoperator.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] InsightsOperator" -crd: 0000_50_insights-operator_00-insightsoperator.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal InsightsOperator - initial: | - apiVersion: operator.openshift.io/v1 - kind: InsightsOperator - spec: {} # No spec is required for a InsightsOperator - expected: | - apiVersion: operator.openshift.io/v1 - kind: InsightsOperator - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.kubeapiserver.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.kubeapiserver.testsuite.yaml deleted file mode 100644 index 0428bde074b..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.kubeapiserver.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] KubeAPIServer" -crd: 0000_20_kube-apiserver-operator_01_config.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal KubeAPIServer - initial: | - apiVersion: operator.openshift.io/v1 - kind: KubeAPIServer - spec: {} # No spec is required for a KubeAPIServer - expected: | - apiVersion: operator.openshift.io/v1 - kind: KubeAPIServer - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.kubecontrollermanager.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.kubecontrollermanager.testsuite.yaml deleted file mode 100644 index 44286f65918..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.kubecontrollermanager.testsuite.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] KubeControllerManager" -crd: 0000_25_kube-controller-manager-operator_01_config.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal KubeControllerManager - initial: | - apiVersion: operator.openshift.io/v1 - kind: KubeControllerManager - spec: {} # No spec is required for a KubeControllerManager - expected: | - apiVersion: operator.openshift.io/v1 - kind: KubeControllerManager - spec: - logLevel: Normal - operatorLogLevel: Normal - useMoreSecureServiceCA: false diff --git a/vendor/github.com/openshift/api/operator/v1/stable.kubescheduler.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.kubescheduler.testsuite.yaml deleted file mode 100644 index 0096050396d..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.kubescheduler.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] KubeScheduler" -crd: 0000_25_kube-scheduler-operator_01_config.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal KubeScheduler - initial: | - apiVersion: operator.openshift.io/v1 - kind: KubeScheduler - spec: {} # No spec is required for a KubeScheduler - expected: | - apiVersion: operator.openshift.io/v1 - kind: KubeScheduler - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.kubestorageversionmigrator.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.kubestorageversionmigrator.testsuite.yaml deleted file mode 100644 index a0b194406cf..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.kubestorageversionmigrator.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] KubeStorageVersionMigrator" -crd: 0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal KubeStorageVersionMigrator - initial: | - apiVersion: operator.openshift.io/v1 - kind: KubeStorageVersionMigrator - spec: {} # No spec is required for a KubeStorageVersionMigrator - expected: | - apiVersion: operator.openshift.io/v1 - kind: KubeStorageVersionMigrator - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.machineconfiguration.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.machineconfiguration.testsuite.yaml deleted file mode 100644 index 73496f761cd..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.machineconfiguration.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] MachineConfiguration" -crd: 0000_80_machine-config-operator_01_config-Default.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal MachineConfiguration - initial: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: {} # No spec is required for a MachineConfiguration - expected: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml deleted file mode 100644 index 2ebeaf4f5c7..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.network.testsuite.yaml +++ /dev/null @@ -1,682 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Network" -crd: 0000_70_cluster-network-operator_01.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Network - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: {} # No spec is required for a Network - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: Should be able to pass a valid IPV4 CIDR to IPV4 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv4: - internalMasqueradeSubnet: "169.254.168.0/29" - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - routingViaHost: false - ipv4: - internalMasqueradeSubnet: "169.254.168.0/29" - ipsecConfig: - mode: Disabled - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: Should not be able to pass CIDR with a subnet larger than /29 to IPV4 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv4: - internalMasqueradeSubnet: 10.10.10.10/32 - expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /29 inclusive" - - name: Should not be able to pass CIDR with a subnet smaller than /0 to IPV4 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv4: - internalMasqueradeSubnet: 10.10.10.10/-1 - expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /29 inclusive" - - name: Should not be able to add an IP address with the incorrect number of octets to IPV4 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv4: - internalMasqueradeSubnet: 10.10.10/24 - expectedError: "Invalid value: \"string\": a valid IPv4 address must contain 4 octets" - - name: Should not be able to add an IP address with leading zeros in an octet to IPV4 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv4: - internalMasqueradeSubnet: 10.10.010.10/24 - expectedError: "Invalid value: \"string\": IP address octets must not contain leading zeros, and must be less or equal to 255" - - name: Should not be able to add an IP address with with zero for the first octet to internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv4: - internalMasqueradeSubnet: 0.10.10.10/24 - expectedError: "Invalid value: \"string\": first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255" - - name: Should not be able to add an IP address with an octet greater than 255 to IPV4 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv4: - internalMasqueradeSubnet: 10.10.10.256/24 - expectedError: "Invalid value: \"string\": IP address octets must not contain leading zeros, and must be less or equal to 255" - - name: Should be able to pass a valid IPV6 CIDR to IPV6 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345:6789/125" - routingViaHost: false - ipsecConfig: - mode: Disabled - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: Should be able to pass a valid shorthand IPV6 CIDR to IPV6 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20" - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - routingViaHost: false - ipv6: - internalMasqueradeSubnet: "abcd:ef01:2345:6789::2345:6789/20" - ipsecConfig: - mode: Disabled - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: Should not be able to pass invalid IPV6 CIDR to IPV6 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "foo" - expectedError: "Invalid value: \"string\": subnet must be in the range /0 to /125 inclusive" - - name: Should not be able to add an IP address with the more than 8 octets to IPV6 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:6789:abcd/125 - expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" - - name: Should not be able to add a dual IP address to IPV6 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: abcd:ef01:2345:6789:abcd:ef01:2345:1.2.3.4/125 - expectedError: "Invalid value: \"string\": IPv6 dual addresses are not permitted, value should not contain `.` characters" - - name: Should be able to pass a double elided IPV6 CIDR to IPV6 internalMasqueradeSubnet - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd::ef01::2345:6789/20" - expectedError: "Invalid value: \"string\": IPv6 addresses must contain at most one '::' and may only be shortened once" - - name: "Should not be able to pass a complete IPV6 CIDR with a :: expander to v6InternalMasqueradeSubnet" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd:ef01:2345:6789::abcd:ef01:2345:6789/125" - expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" - - name: Should not be able to pass a IPV6 CIDR without enough segments to v6InternalMasqueradeSubnet" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345/125" - expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" - - name: "Should not be able to pass an elided IPV6 CIDR with only a single empty segment to IPV6 internalMasqueradeSubnet" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd:ef01:2345:6789:abcd:ef01:2345::/125" - expectedError: "Invalid value: \"string\": a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" - - name: "Should not be able to pass an invalid IPV6 CIDR with a segment that contains invalid values" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "xbcd:ef01:2345:6789::2345:6789/20" - expectedError: "Invalid value: \"string\": each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 1" - - name: "Should not be able to pass an invalid IPV6 CIDR with a segment that is 5 characters long" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipv6: - internalMasqueradeSubnet: "abcd:eff01:2345:6789::2345:6789/20" - expectedError: "Invalid value: \"string\": each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 2" - - name: Should be able to create migration mode - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - migration: - mode: Live - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - migration: - mode: Live - - name: Should be able to create mtu migration without setting the migration mode - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - migration: - mtu: - network: - from: 1450 - to: 1400 - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - migration: - mtu: - network: - from: 1450 - to: 1400 - - name: Should be able to create networkType migration in in offline migration mode - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - migration: - networkType: OVNKubernetes - mode: Offline - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - migration: - networkType: OVNKubernetes - mode: Offline - - name: Should throw an error when mtu and networkType migration is created in offline migration mode - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - migration: - networkType: OVNKubernetes - mtu: - network: - from: 1450 - to: 1400 - mode: Offline - expectedError: "networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration" - - name: Should be able to create mtu and networkType migration in live migration mode - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - migration: - networkType: OVNKubernetes - mtu: - network: - from: 1450 - to: 1400 - mode: Live - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - migration: - networkType: OVNKubernetes - mtu: - network: - from: 1450 - to: 1400 - mode: Live - - name: "IPsec - Empty ipsecConfig is allowed in initial state" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: {} - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: {} - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: "IPsec - Populated ipsecConfig is allowed" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: - mode: Full - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: - mode: Full - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: "IPsec - Start without setting ipsecConfig" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: {} - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: "IPsec - empty string is not allowed" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: - mode: "" - expectedError: "Unsupported value: \"\": supported values: \"Disabled\", \"External\", \"Full\"" - # Due to a limitation with current K8s capabilities, we have to implement custom ratcheting validation with - # XValidation rules. However, when oldSelf is not present, our rule will not be evaluated. Given that our - # rule is applied to the spec:, if the resource is not present, the rule will not be evaluated at all due to the - # absence of oldSelf. - # Therefore, it *is* possible to create a Network CR with an invalid configuration, albeit in practice, the - # Network CR would already exist unless admins explicitly delete and recreate it. - - name: "Should be able to pass an invalid ipForwarding value on create due to limitations with xValidation (FIXME)" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "invalid" - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "invalid" - routingViaHost: false - ipsecConfig: - mode: Disabled - disableNetworkDiagnostics: false - logLevel: "Normal" - operatorLogLevel: "Normal" - - name: "Should be able to pass a valid ipForwarding value on create" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "Global" - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "Global" - routingViaHost: false - ipsecConfig: - mode: Disabled - disableNetworkDiagnostics: false - logLevel: "Normal" - operatorLogLevel: "Normal" - onUpdate: - - name: "IPsec - Removing ipsecConfig.mode is not allowed" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: - mode: Full - updated: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: {} - expectedError: "ipsecConfig.mode is required" - - name: "IPsec - Disabling IPsec" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: - mode: Full - updated: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: - mode: Disabled - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: - mode: Disabled - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: "IPsec - Empty ipsecConfig when changing other parameters" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: {} - updated: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: {} - mtu: 5888 - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - ipsecConfig: {} - mtu: 5888 - disableNetworkDiagnostics: false - logLevel: Normal - operatorLogLevel: Normal - - name: "Should not allow an empty spec Network operator to update ipForwarding to an invalid value" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: {} - updated: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "invalid" - expectedError: "invalid value for IPForwarding, valid values are 'Restricted' or 'Global'" - - name: "Should not allow network operator to update ipForwarding from a valid to an invalid value" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "Global" - updated: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "invalid" - expectedError: "invalid value for IPForwarding, valid values are 'Restricted' or 'Global'" - - name: "Should not allow network operator to update ipForwarding from a valid to an empty (invalid) value" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "Global" - updated: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "" - expectedError: "invalid value for IPForwarding, valid values are 'Restricted' or 'Global'" - - name: "Should allow network operator to update ipForwarding to a valid value" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "Global" - updated: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "Restricted" - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "Restricted" - routingViaHost: false - ipsecConfig: - mode: Disabled - disableNetworkDiagnostics: false - logLevel: "Normal" - operatorLogLevel: "Normal" - - name: "Should allow network operator to keep an old invalid ipForwarding value" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "invalid" - updated: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "invalid" - disableNetworkDiagnostics: true - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "invalid" - routingViaHost: false - ipsecConfig: - mode: Disabled - disableNetworkDiagnostics: true - logLevel: "Normal" - operatorLogLevel: "Normal" - - name: "Should allow network operator to remove ipForwarding value" - initial: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - ipForwarding: "Global" - updated: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: {} - expected: | - apiVersion: operator.openshift.io/v1 - kind: Network - spec: - defaultNetwork: - ovnKubernetesConfig: - gatewayConfig: - routingViaHost: false - ipsecConfig: - mode: Disabled - disableNetworkDiagnostics: false - logLevel: "Normal" - operatorLogLevel: "Normal" diff --git a/vendor/github.com/openshift/api/operator/v1/stable.openshiftapiserver.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.openshiftapiserver.testsuite.yaml deleted file mode 100644 index 385c2940bae..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.openshiftapiserver.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] OpenShiftAPIServer" -crd: 0000_30_openshift-apiserver-operator_01_config.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal OpenShiftAPIServer - initial: | - apiVersion: operator.openshift.io/v1 - kind: OpenShiftAPIServer - spec: {} # No spec is required for a OpenShiftAPIServer - expected: | - apiVersion: operator.openshift.io/v1 - kind: OpenShiftAPIServer - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml deleted file mode 100644 index 05c1cf66fd4..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.openshiftcontrollermanager.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] OpenShiftControllerManager" -crd: 0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal OpenShiftControllerManager - initial: | - apiVersion: operator.openshift.io/v1 - kind: OpenShiftControllerManager - spec: {} # No spec is required for a OpenShiftControllerManager - expected: | - apiVersion: operator.openshift.io/v1 - kind: OpenShiftControllerManager - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.serviceca.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.serviceca.testsuite.yaml deleted file mode 100644 index 04634614269..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.serviceca.testsuite.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ServiceCA" -crd: 0000_50_service-ca-operator_02_crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ServiceCA - initial: | - apiVersion: operator.openshift.io/v1 - kind: ServiceCA - spec: {} # No spec is required for a ServiceCA - expected: | - apiVersion: operator.openshift.io/v1 - kind: ServiceCA - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/stable.storage.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/stable.storage.testsuite.yaml deleted file mode 100644 index 98afa6ea722..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/stable.storage.testsuite.yaml +++ /dev/null @@ -1,113 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Storage" -crd: 0000_50_cluster_storage_operator_01_crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Storage - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: {} # No spec is required for a Storage - expected: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - logLevel: Normal - operatorLogLevel: Normal - onCreate: - - name: Should allow creating Storage with vsphere migration enabled - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: CSIWithMigrationDriver - expected: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: CSIWithMigrationDriver - logLevel: Normal - operatorLogLevel: Normal - onCreate: - - name: Should not allow creating Storage with vsphere migration disabled - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: LegacyDeprecatedInTreeDriver - expectedError: "VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver" - onUpdate: - - name: Should allow enabling CSI migration for vSphere - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: {} # No spec is required - updated: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: CSIWithMigrationDriver - expected: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: CSIWithMigrationDriver - logLevel: Normal - operatorLogLevel: Normal - - name: Should not allow disabling CSI migration for vSphere - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: {} # No spec is required - updated: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: LegacyDeprecatedInTreeDriver - expectedError: "VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver" - - name: Should not allow changing CSIWithMigrationDriver to LegacyDeprecatedInTreeDriver - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: CSIWithMigrationDriver - updated: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: LegacyDeprecatedInTreeDriver - expectedError: "VSphereStorageDriver can not be set to LegacyDeprecatedInTreeDriver" - - name: Should allow changing CSIWithMigrationDriver to empty string - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: CSIWithMigrationDriver - updated: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: "" - expected: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: "" - logLevel: Normal - operatorLogLevel: Normal - - name: Should allow unsetting VSphereStorageDriver once it is set - initial: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - vsphereStorageDriver: CSIWithMigrationDriver - updated: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: {} - expected: | - apiVersion: operator.openshift.io/v1 - kind: Storage - spec: - logLevel: Normal - operatorLogLevel: Normal diff --git a/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml deleted file mode 100644 index 27108a3af18..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/techpreview.etcd.testsuite.yaml +++ /dev/null @@ -1,62 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreview] Etcd" -crd: 0000_12_etcd-operator_01_config-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create with Standard hardware speed - initial: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - controlPlaneHardwareSpeed: Standard - expected: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - logLevel: Normal - operatorLogLevel: Normal - controlPlaneHardwareSpeed: Standard - - name: Should be able to create with Slower hardware speed - initial: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - controlPlaneHardwareSpeed: Slower - expected: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - logLevel: Normal - operatorLogLevel: Normal - controlPlaneHardwareSpeed: Slower - onUpdate: - - name: Should be able to create with Standard, then set to Slower - initial: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - controlPlaneHardwareSpeed: Standard - updated: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - controlPlaneHardwareSpeed: Slower - expected: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - logLevel: Normal - operatorLogLevel: Normal - controlPlaneHardwareSpeed: Slower - - name: Should not be allowed to try to set invalid hardware speed - initial: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - controlPlaneHardwareSpeed: Standard - updated: | - apiVersion: operator.openshift.io/v1 - kind: Etcd - spec: - controlPlaneHardwareSpeed: foo - expectedError: Unsupported value diff --git a/vendor/github.com/openshift/api/operator/v1/techpreview.machineconfiguration.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1/techpreview.machineconfiguration.testsuite.yaml deleted file mode 100644 index af780b9673a..00000000000 --- a/vendor/github.com/openshift/api/operator/v1/techpreview.machineconfiguration.testsuite.yaml +++ /dev/null @@ -1,117 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreviewNoUpgrade] MachineConfiguration" -crd: 0000_80_machine-config-operator_01_config-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal MachineConfiguration - initial: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: {} # No spec is required for a MachineConfiguration - expected: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - logLevel: Normal - operatorLogLevel: Normal - - name: Should be able to create an empty ManagedBootImages configuration knob - initial: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - managedBootImages: - machineManagers: [] - expected: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - logLevel: Normal - operatorLogLevel: Normal - managedBootImages: - machineManagers: [] - - name: Should be able to create a ManagedBootImages configuration knob that opts in all MachineSets - initial: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - managedBootImages: - machineManagers: - - resource: machinesets - apiGroup: machine.openshift.io - selection: - mode: All - expected: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - logLevel: Normal - operatorLogLevel: Normal - managedBootImages: - machineManagers: - - resource: machinesets - apiGroup: machine.openshift.io - selection: - mode: All - - name: Should be able to create a ManagedBootImages configuration knob that opts in MachineSets in partial mode - initial: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - managedBootImages: - machineManagers: - - resource: machinesets - apiGroup: machine.openshift.io - selection: - mode: Partial - partial: - machineResourceSelector: - matchLabels: {} - expected: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - logLevel: Normal - operatorLogLevel: Normal - managedBootImages: - machineManagers: - - resource: machinesets - apiGroup: machine.openshift.io - selection: - mode: Partial - partial: - machineResourceSelector: - matchLabels: {} - - name: Should not be able to add partial field if machineManager.selection.mode is not set to Partial - initial: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - managedBootImages: - machineManagers: - - resource: machinesets - apiGroup: machine.openshift.io - selection: - mode: All - partial: - machineResourceSelector: - matchLabels: {} - expectedError: "Partial is required when type is partial, and forbidden otherwise" - - name: Only one unique pair of resource/apigroup is allowed in machineManagers - initial: | - apiVersion: operator.openshift.io/v1 - kind: MachineConfiguration - spec: - managedBootImages: - machineManagers: - - resource: machinesets - apiGroup: machine.openshift.io - selection: - mode: Partial - partial: - machineResourceSelector: - matchLabels: {} - - resource: machinesets - apiGroup: machine.openshift.io - selection: - mode: All - expectedError: "spec.managedBootImages.machineManagers[1]: Duplicate value: map[string]interface {}{\"apiGroup\":\"machine.openshift.io\", \"resource\":\"machinesets\"}" diff --git a/vendor/github.com/openshift/api/operator/v1/types_authentication.go b/vendor/github.com/openshift/api/operator/v1/types_authentication.go index 414a3d12462..58d8748d970 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_authentication.go +++ b/vendor/github.com/openshift/api/operator/v1/types_authentication.go @@ -11,9 +11,8 @@ import ( // +kubebuilder:resource:path=authentications,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 -// +openshift:file-pattern=0000_50_cluster-authentication-operator_01_configMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=authentication,operatorOrdering=01 // +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true -// +kubebuilder:metadata:annotations=include.release.openshift.io/single-node-developer=true // Authentication provides information to configure an operator to manage authentication. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go b/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go index 4bf2023be35..9666b279222 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go +++ b/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go @@ -12,7 +12,7 @@ import ( // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/692 // +openshift:capability=CloudCredential -// +openshift:file-pattern=0000_40_cloud-credential-operator_00_configMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_40,operatorName=cloud-credential,operatorOrdering=00 // CloudCredential provides a means to configure an operator to manage CredentialsRequests. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_config.go b/vendor/github.com/openshift/api/operator/v1/types_config.go index 0967483cfee..e7c6d59dbb2 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_config.go +++ b/vendor/github.com/openshift/api/operator/v1/types_config.go @@ -11,7 +11,7 @@ import ( // +kubebuilder:resource:path=configs,scope=Cluster,categories=coreoperators // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/612 -// +openshift:file-pattern=0000_10_config-operator_01_configMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // Config specifies the behavior of the config operator which is responsible for creating the initial configuration of other components // on the cluster. The operator also handles installation, migration or synchronization of cloud configurations for AWS and Azure cloud based clusters diff --git a/vendor/github.com/openshift/api/operator/v1/types_console.go b/vendor/github.com/openshift/api/operator/v1/types_console.go index 4e37094029e..474253d5d71 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_console.go +++ b/vendor/github.com/openshift/api/operator/v1/types_console.go @@ -13,7 +13,7 @@ import ( // +kubebuilder:resource:path=consoles,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/486 -// +openshift:file-pattern=00_console-operatorMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=console,operatorOrdering=01 // Console provides a means to configure an operator to manage the console. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index bcc73f7594c..349c8d461d5 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go @@ -20,7 +20,7 @@ import ( // +kubebuilder:resource:path=clustercsidrivers,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/701 -// +openshift:file-pattern=0000_90_cluster_csi_driver_01_configMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_90,operatorName=csi-driver,operatorOrdering=01 // ClusterCSIDriver object allows management and configuration of a CSI driver operator // installed by default in OpenShift. Name of the object must be name of the CSI driver @@ -281,6 +281,35 @@ type VSphereCSIDriverConfigSpec struct { // will be rejected. // +optional TopologyCategories []string `json:"topologyCategories,omitempty"` + + // globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of + // datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. + // Snapshots can not be disabled using this parameter. + // Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 + // Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=32 + // +openshift:enable:FeatureGate=VSphereDriverConfiguration + // +optional + GlobalMaxSnapshotsPerBlockVolume *uint32 `json:"globalMaxSnapshotsPerBlockVolume,omitempty"` + + // granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It + // overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. + // Snapshots for VSAN can not be disabled using this parameter. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=32 + // +openshift:enable:FeatureGate=VSphereDriverConfiguration + // +optional + GranularMaxSnapshotsPerBlockVolumeInVSAN *uint32 `json:"granularMaxSnapshotsPerBlockVolumeInVSAN,omitempty"` + + // granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. + // It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. + // Snapshots for VVOL can not be disabled using this parameter. + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=32 + // +openshift:enable:FeatureGate=VSphereDriverConfiguration + // +optional + GranularMaxSnapshotsPerBlockVolumeInVVOL *uint32 `json:"granularMaxSnapshotsPerBlockVolumeInVVOL,omitempty"` } // ClusterCSIDriverStatus is the observed status of CSI driver operator diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_snapshot.go b/vendor/github.com/openshift/api/operator/v1/types_csi_snapshot.go index 7f4b738bd2b..f96384819c4 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_snapshot.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_snapshot.go @@ -11,7 +11,7 @@ import ( // +kubebuilder:resource:path=csisnapshotcontrollers,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/562 -// +openshift:file-pattern=0000_80_csi_snapshot_controller_operator_01_MARKERScrd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=csi-snapshot-controller,operatorOrdering=01 // CSISnapshotController provides a means to configure an operator to manage the CSI snapshots. `cluster` is the canonical name. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_dns.go b/vendor/github.com/openshift/api/operator/v1/types_dns.go index fb446ef73b9..3d7cbb6c00a 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_dns.go +++ b/vendor/github.com/openshift/api/operator/v1/types_dns.go @@ -14,7 +14,7 @@ import ( // +kubebuilder:subresource:status // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 -// +openshift:file-pattern=0000_70_dns-operator_00MARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_70,operatorName=dns,operatorOrdering=00 // DNS manages the CoreDNS component to provide a name resolution service // for pods and services in the cluster. diff --git a/vendor/github.com/openshift/api/operator/v1/types_etcd.go b/vendor/github.com/openshift/api/operator/v1/types_etcd.go index 4d88f6c282f..a2ba1268974 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_etcd.go +++ b/vendor/github.com/openshift/api/operator/v1/types_etcd.go @@ -11,7 +11,7 @@ import ( // +kubebuilder:resource:path=etcds,scope=Cluster,categories=coreoperators // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/752 -// +openshift:file-pattern=0000_12_etcd-operator_01_configMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_12,operatorName=etcd,operatorOrdering=01 // Etcd provides information to configure an operator to manage etcd. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index 154774dcd6b..64419ddfc08 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go @@ -17,7 +17,7 @@ import ( // +kubebuilder:resource:path=ingresscontrollers,scope=Namespaced // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/616 // +openshift:capability=Ingress -// +openshift:file-pattern=0000_50_ingress-operator_00-ingresscontrollerMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=ingress,operatorOrdering=00 // IngressController describes a managed ingress controller for the cluster. The // controller can service OpenShift Route and Kubernetes Ingress resources. @@ -1649,6 +1649,23 @@ type IngressControllerTuningOptions struct { // +optional TunnelTimeout *metav1.Duration `json:"tunnelTimeout,omitempty"` + // ConnectTimeout defines the maximum time to wait for + // a connection attempt to a server/backend to succeed. + // + // This field expects an unsigned duration string of decimal numbers, each with optional + // fraction and a unit suffix, e.g. "300ms", "1.5h" or "2h45m". + // Valid time units are "ns", "us" (or "µs" U+00B5 or "μs" U+03BC), "ms", "s", "m", "h". + // + // When omitted, this means the user has no opinion and the platform is left + // to choose a reasonable default. This default is subject to change over time. + // The current default is 5s. + // + // +kubebuilder:validation:Optional + // +kubebuilder:validation:Pattern=^(0|([0-9]+(\.[0-9]+)?(ns|us|µs|μs|ms|s|m|h))+)$ + // +kubebuilder:validation:Type:=string + // +optional + ConnectTimeout *metav1.Duration `json:"connectTimeout,omitempty"` + // tlsInspectDelay defines how long the router can hold data to find a // matching route. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_insights.go b/vendor/github.com/openshift/api/operator/v1/types_insights.go index 780902b5ae5..56e2b51c14c 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_insights.go +++ b/vendor/github.com/openshift/api/operator/v1/types_insights.go @@ -11,7 +11,7 @@ import ( // +kubebuilder:resource:path=insightsoperators,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1237 -// +openshift:file-pattern=0000_50_insights-operator_00-insightsoperatorMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=insights,operatorOrdering=00 // // InsightsOperator holds cluster-wide information about the Insights Operator. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go b/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go index ca19d7ef817..5c9d43a2a21 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_kubeapiserver.go @@ -11,7 +11,7 @@ import ( // +kubebuilder:resource:path=kubeapiservers,scope=Cluster,categories=coreoperators // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 -// +openshift:file-pattern=0000_20_kube-apiserver-operator_01_configMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_20,operatorName=kube-apiserver,operatorOrdering=01 // KubeAPIServer provides information to configure an operator to manage kube-apiserver. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_kubecontrollermanager.go b/vendor/github.com/openshift/api/operator/v1/types_kubecontrollermanager.go index 4b8b6b987f7..93ab209a0d5 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_kubecontrollermanager.go +++ b/vendor/github.com/openshift/api/operator/v1/types_kubecontrollermanager.go @@ -11,7 +11,7 @@ import ( // +kubebuilder:resource:path=kubecontrollermanagers,scope=Cluster,categories=coreoperators // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 -// +openshift:file-pattern=0000_25_kube-controller-manager-operator_01_configMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_25,operatorName=kube-controller-manager,operatorOrdering=01 // KubeControllerManager provides information to configure an operator to manage kube-controller-manager. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_kubestorageversionmigrator.go b/vendor/github.com/openshift/api/operator/v1/types_kubestorageversionmigrator.go index f952be6f8af..470dc5097da 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_kubestorageversionmigrator.go +++ b/vendor/github.com/openshift/api/operator/v1/types_kubestorageversionmigrator.go @@ -11,7 +11,7 @@ import ( // +kubebuilder:resource:path=kubestorageversionmigrators,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/503 -// +openshift:file-pattern=0000_40_kube-storage-version-migrator-operator_00_configMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_40,operatorName=kube-storage-version-migrator,operatorOrdering=00 // KubeStorageVersionMigrator provides information to configure an operator to manage kube-storage-version-migrator. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go index 4c1bac5eac5..8bc06a4ec29 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go +++ b/vendor/github.com/openshift/api/operator/v1/types_machineconfiguration.go @@ -11,7 +11,7 @@ import ( // +kubebuilder:resource:path=machineconfigurations,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1453 -// +openshift:file-pattern=0000_80_machine-config-operator_01_configMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_80,operatorName=machine-config,operatorOrdering=01 // MachineConfiguration provides information to configure an operator to manage Machine Configuration. // @@ -46,12 +46,25 @@ type MachineConfigurationSpec struct { // +openshift:enable:FeatureGate=ManagedBootImages // +optional ManagedBootImages ManagedBootImages `json:"managedBootImages"` + + // nodeDisruptionPolicy allows an admin to set granular node disruption actions for + // MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow + // for less downtime when doing small configuration updates to the cluster. This configuration + // has no effect on cluster upgrades which will still incur node disruption where required. + // +openshift:enable:FeatureGate=NodeDisruptionPolicy + // +optional + NodeDisruptionPolicy NodeDisruptionPolicyConfig `json:"nodeDisruptionPolicy"` } type MachineConfigurationStatus struct { + // TODO tombstone this field StaticPodOperatorStatus `json:",inline"` - // TODO(jkyros): This is where we can put additional bespoke status fields + // nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, + // and will be used by the Machine Config Daemon during future node updates. + // +openshift:enable:FeatureGate=NodeDisruptionPolicy + // +optional + NodeDisruptionPolicyStatus NodeDisruptionPolicyStatus `json:"nodeDisruptionPolicyStatus"` } // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -158,3 +171,295 @@ const ( // This feature only supports MAPI machinesets at this time. MachineAPI MachineManagerMachineSetsAPIGroupType = "machine.openshift.io" ) + +type NodeDisruptionPolicyStatus struct { + // clusterPolicies is a merge of cluster default and user provided node disruption policies. + // +optional + ClusterPolicies NodeDisruptionPolicyClusterStatus `json:"clusterPolicies"` +} + +// NodeDisruptionPolicyConfig is the overall spec definition for files/units/sshkeys +type NodeDisruptionPolicyConfig struct { + // files is a list of MachineConfig file definitions and actions to take to changes on those paths + // This list supports a maximum of 50 entries. + // +optional + // +listType=map + // +listMapKey=path + // +kubebuilder:validation:MaxItems=50 + Files []NodeDisruptionPolicySpecFile `json:"files"` + // units is a list MachineConfig unit definitions and actions to take on changes to those services + // This list supports a maximum of 50 entries. + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=50 + Units []NodeDisruptionPolicySpecUnit `json:"units"` + // sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this + // will apply to all sshkey changes in the cluster + // +optional + SSHKey NodeDisruptionPolicySpecSSHKey `json:"sshkey"` +} + +// NodeDisruptionPolicyClusterStatus is the type for the status object, rendered by the controller as a +// merge of cluster defaults and user provided policies +type NodeDisruptionPolicyClusterStatus struct { + // files is a list of MachineConfig file definitions and actions to take to changes on those paths + // +optional + // +listType=map + // +listMapKey=path + // +kubebuilder:validation:MaxItems=100 + Files []NodeDisruptionPolicyStatusFile `json:"files,omitempty"` + // units is a list MachineConfig unit definitions and actions to take on changes to those services + // +optional + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=100 + Units []NodeDisruptionPolicyStatusUnit `json:"units,omitempty"` + // sshkey is the overall sshkey MachineConfig definition + // +optional + SSHKey NodeDisruptionPolicyStatusSSHKey `json:"sshkey,omitempty"` +} + +// NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object +type NodeDisruptionPolicySpecFile struct { + // path is the location of a file being managed through a MachineConfig. + // The Actions in the policy will apply to changes to the file at this path. + // +kubebuilder:validation:Required + Path string `json:"path"` + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicySpecAction `json:"actions"` +} + +// NodeDisruptionPolicyStatusFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object +type NodeDisruptionPolicyStatusFile struct { + // path is the location of a file being managed through a MachineConfig. + // The Actions in the policy will apply to changes to the file at this path. + // +kubebuilder:validation:Required + Path string `json:"path"` + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicyStatusAction `json:"actions"` +} + +// NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object +type NodeDisruptionPolicySpecUnit struct { + // name represents the service name of a systemd service managed through a MachineConfig + // Actions specified will be applied for changes to the named service. + // Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + // ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + // ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + // +kubebuilder:validation:Required + Name NodeDisruptionPolicyServiceName `json:"name"` + + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicySpecAction `json:"actions"` +} + +// NodeDisruptionPolicyStatusUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object +type NodeDisruptionPolicyStatusUnit struct { + // name represents the service name of a systemd service managed through a MachineConfig + // Actions specified will be applied for changes to the named service. + // Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + // ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + // ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + // +kubebuilder:validation:Required + Name NodeDisruptionPolicyServiceName `json:"name"` + + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicyStatusAction `json:"actions"` +} + +// NodeDisruptionPolicySpecSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyConfig object +type NodeDisruptionPolicySpecSSHKey struct { + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicySpecAction `json:"actions"` +} + +// NodeDisruptionPolicyStatusSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyClusterStatus object +type NodeDisruptionPolicyStatusSSHKey struct { + // actions represents the series of commands to be executed on changes to the file at + // the corresponding file path. Actions will be applied in the order that + // they are set in this list. If there are other incoming changes to other MachineConfig + // entries in the same update that require a reboot, the reboot will supercede these actions. + // Valid actions are Reboot, Drain, Reload, DaemonReload and None. + // The Reboot action and the None action cannot be used in conjunction with any of the other actions. + // This list supports a maximum of 10 entries. + // +kubebuilder:validation:Required + // +listType=atomic + // +kubebuilder:validation:MaxItems=10 + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='Reboot') ? size(self) == 1 : true", message="Reboot action can only be specified standalone, as it will override any other actions" + // +kubebuilder:validation:XValidation:rule="self.exists(x, x.type=='None') ? size(self) == 1 : true", message="None action can only be specified standalone, as it will override any other actions" + Actions []NodeDisruptionPolicyStatusAction `json:"actions"` +} + +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)",message="reload is required when type is Reload, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)",message="restart is required when type is Restart, and forbidden otherwise" +// +union +type NodeDisruptionPolicySpecAction struct { + // type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed + // Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. + // reload/restart requires a corresponding service target specified in the reload/restart field. + // Other values require no further configuration + // +unionDiscriminator + // +kubebuilder:validation:Required + Type NodeDisruptionPolicySpecActionType `json:"type"` + // reload specifies the service to reload, only valid if type is reload + // +optional + Reload *ReloadService `json:"reload,omitempty"` + // restart specifies the service to restart, only valid if type is restart + // +optional + Restart *RestartService `json:"restart,omitempty"` +} + +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Reload' ? has(self.reload) : !has(self.reload)",message="reload is required when type is Reload, and forbidden otherwise" +// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type == 'Restart' ? has(self.restart) : !has(self.restart)",message="restart is required when type is Restart, and forbidden otherwise" +// +union +type NodeDisruptionPolicyStatusAction struct { + // type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed + // Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. + // reload/restart requires a corresponding service target specified in the reload/restart field. + // Other values require no further configuration + // +unionDiscriminator + // +kubebuilder:validation:Required + Type NodeDisruptionPolicyStatusActionType `json:"type"` + // reload specifies the service to reload, only valid if type is reload + // +optional + Reload *ReloadService `json:"reload,omitempty"` + // restart specifies the service to restart, only valid if type is restart + // +optional + Restart *RestartService `json:"restart,omitempty"` +} + +// ReloadService allows the user to specify the services to be reloaded +type ReloadService struct { + // serviceName is the full name (e.g. crio.service) of the service to be reloaded + // Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + // ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + // ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + // +kubebuilder:validation:Required + ServiceName NodeDisruptionPolicyServiceName `json:"serviceName"` +} + +// RestartService allows the user to specify the services to be restarted +type RestartService struct { + // serviceName is the full name (e.g. crio.service) of the service to be restarted + // Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. + // ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, ":", "-", "_", ".", and "\". + // ${SERVICETYPE} must be one of ".service", ".socket", ".device", ".mount", ".automount", ".swap", ".target", ".path", ".timer", ".snapshot", ".slice" or ".scope". + // +kubebuilder:validation:Required + ServiceName NodeDisruptionPolicyServiceName `json:"serviceName"` +} + +// NodeDisruptionPolicySpecActionType is a string enum used in a NodeDisruptionPolicySpecAction object. They describe an action to be performed. +// +kubebuilder:validation:Enum:="Reboot";"Drain";"Reload";"Restart";"DaemonReload";"None" +type NodeDisruptionPolicySpecActionType string + +// +kubebuilder:validation:XValidation:rule=`self.matches('\\.(service|socket|device|mount|automount|swap|target|path|timer|snapshot|slice|scope)$')`, message="Invalid ${SERVICETYPE} in service name. Expected format is ${NAME}${SERVICETYPE}, where ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\",\".snapshot\", \".slice\" or \".scope\"." +// +kubebuilder:validation:XValidation:rule=`self.matches('^[a-zA-Z0-9:._\\\\-]+\\..')`, message="Invalid ${NAME} in service name. Expected format is ${NAME}${SERVICETYPE}, where {NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\\\"" +// +kubebuilder:validation:MaxLength=255 +type NodeDisruptionPolicyServiceName string + +const ( + // Reboot represents an action that will cause nodes to be rebooted. This is the default action by the MCO + // if a reboot policy is not found for a change/update being performed by the MCO. + RebootSpecAction NodeDisruptionPolicySpecActionType = "Reboot" + + // Drain represents an action that will cause nodes to be drained of their workloads. + DrainSpecAction NodeDisruptionPolicySpecActionType = "Drain" + + // Reload represents an action that will cause nodes to reload the service described by the Target field. + ReloadSpecAction NodeDisruptionPolicySpecActionType = "Reload" + + // Restart represents an action that will cause nodes to restart the service described by the Target field. + RestartSpecAction NodeDisruptionPolicySpecActionType = "Restart" + + // DaemonReload represents an action that TBD + DaemonReloadSpecAction NodeDisruptionPolicySpecActionType = "DaemonReload" + + // None represents an action that no handling is required by the MCO. + NoneSpecAction NodeDisruptionPolicySpecActionType = "None" +) + +// NodeDisruptionPolicyStatusActionType is a string enum used in a NodeDisruptionPolicyStatusAction object. They describe an action to be performed. +// The key difference of this object from NodeDisruptionPolicySpecActionType is that there is a additional SpecialStatusAction value in this enum. This will only be +// used by the MCO's controller to indicate some internal actions. They are not part of the NodeDisruptionPolicyConfig object and cannot be set by the user. +// +kubebuilder:validation:Enum:="Reboot";"Drain";"Reload";"Restart";"DaemonReload";"None";"Special" +type NodeDisruptionPolicyStatusActionType string + +const ( + // Reboot represents an action that will cause nodes to be rebooted. This is the default action by the MCO + // if a reboot policy is not found for a change/update being performed by the MCO. + RebootStatusAction NodeDisruptionPolicyStatusActionType = "Reboot" + + // Drain represents an action that will cause nodes to be drained of their workloads. + DrainStatusAction NodeDisruptionPolicyStatusActionType = "Drain" + + // Reload represents an action that will cause nodes to reload the service described by the Target field. + ReloadStatusAction NodeDisruptionPolicyStatusActionType = "Reload" + + // Restart represents an action that will cause nodes to restart the service described by the Target field. + RestartStatusAction NodeDisruptionPolicyStatusActionType = "Restart" + + // DaemonReload represents an action that TBD + DaemonReloadStatusAction NodeDisruptionPolicyStatusActionType = "DaemonReload" + + // None represents an action that no handling is required by the MCO. + NoneStatusAction NodeDisruptionPolicyStatusActionType = "None" + + // Special represents an action that is internal to the MCO, and is not allowed in user defined NodeDisruption policies. + SpecialStatusAction NodeDisruptionPolicyStatusActionType = "Special" +) diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go index 4007441b30b..b810e7859aa 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_network.go +++ b/vendor/github.com/openshift/api/operator/v1/types_network.go @@ -10,9 +10,8 @@ import ( // +kubebuilder:object:root=true // +kubebuilder:resource:path=networks,scope=Cluster // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 -// +openshift:file-pattern=0000_70_cluster-network-operator_01MARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_70,operatorName=network,operatorOrdering=01 // +kubebuilder:metadata:annotations=include.release.openshift.io/self-managed-high-availability=true -// +kubebuilder:metadata:annotations=include.release.openshift.io/single-node-developer=true // Network describes the cluster's desired network configuration. It is // consumed by the cluster-network-operator. @@ -136,7 +135,7 @@ const ( ) // NetworkMigration represents the cluster network configuration. -// +openshift:validation:FeatureGateAwareXValidation:featureGate=NetworkLiveMigration,rule="!has(self.mtu) || !has(self.networkType) || self.networkType == '' || has(self.mode) && self.mode == 'Live'",message="networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration" +// +openshift:validation:FeatureGateAwareXValidation:featureGate=NetworkLiveMigration,rule="!has(self.mtu) || !has(self.networkType) || self.networkType == \"\" || has(self.mode) && self.mode == 'Live'",message="networkType migration in mode other than 'Live' may not be configured at the same time as mtu migration" type NetworkMigration struct { // networkType is the target type of network migration. Set this to the // target network type to allow changing the default network. If unset, the @@ -425,6 +424,84 @@ type OVNKubernetesConfig struct { // egressIPConfig holds the configuration for EgressIP options. // +optional EgressIPConfig EgressIPConfig `json:"egressIPConfig,omitempty"` + // ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, + // this means no opinions and the default configuration is used. Check individual + // fields within ipv4 for details of default values. + // +optional + IPv4 *IPv4OVNKubernetesConfig `json:"ipv4,omitempty"` + // ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, + // this means no opinions and the default configuration is used. Check individual + // fields within ipv4 for details of default values. + // +optional + IPv6 *IPv6OVNKubernetesConfig `json:"ipv6,omitempty"` +} + +type IPv4OVNKubernetesConfig struct { + // internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + // by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + // architecture that connects the cluster routers on each node together to enable + // east west traffic. The subnet chosen should not overlap with other networks + // specified for OVN-Kubernetes as well as other networks used on the host. + // The value cannot be changed after installation. + // When ommitted, this means no opinion and the platform is left to choose a reasonable + // default which is subject to change over time. + // The current default subnet is 100.88.0.0/16 + // The subnet must be large enough to accomadate one IP per node in your cluster + // The value must be in proper IPV4 CIDR format + // +kubebuilder:validation:MaxLength=18 + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4",message="Subnet must be in valid IPV4 CIDR format" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 30",message="subnet must be in the range /0 to /30 inclusive" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && int(self.split('.')[0]) > 0",message="first IP address octet must not be 0" + // +optional + InternalTransitSwitchSubnet string `json:"internalTransitSwitchSubnet,omitempty"` + // internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the + // default one is being already used by something else. It must not overlap with + // any other subnet being used by OpenShift or by the node network. The size of the + // subnet must be larger than the number of nodes. The value cannot be changed + // after installation. + // The current default value is 100.64.0.0/16 + // The subnet must be large enough to accomadate one IP per node in your cluster + // The value must be in proper IPV4 CIDR format + // +kubebuilder:validation:MaxLength=18 + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4",message="Subnet must be in valid IPV4 CIDR format" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 30",message="subnet must be in the range /0 to /30 inclusive" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && int(self.split('.')[0]) > 0",message="first IP address octet must not be 0" + // +optional + InternalJoinSubnet string `json:"internalJoinSubnet,omitempty"` +} + +type IPv6OVNKubernetesConfig struct { + // internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally + // by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect + // architecture that connects the cluster routers on each node together to enable + // east west traffic. The subnet chosen should not overlap with other networks + // specified for OVN-Kubernetes as well as other networks used on the host. + // The value cannot be changed after installation. + // When ommitted, this means no opinion and the platform is left to choose a reasonable + // default which is subject to change over time. + // The subnet must be large enough to accomadate one IP per node in your cluster + // The current default subnet is fd97::/64 + // The value must be in proper IPV6 CIDR format + // Note that IPV6 dual addresses are not permitted + // +kubebuilder:validation:MaxLength=48 + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 6",message="Subnet must be in valid IPV6 CIDR format" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 125",message="subnet must be in the range /0 to /125 inclusive" + // +optional + InternalTransitSwitchSubnet string `json:"internalTransitSwitchSubnet,omitempty"` + // internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the + // default one is being already used by something else. It must not overlap with + // any other subnet being used by OpenShift or by the node network. The size of the + // subnet must be larger than the number of nodes. The value cannot be changed + // after installation. + // The subnet must be large enough to accomadate one IP per node in your cluster + // The current default value is fd98::/48 + // The value must be in proper IPV6 CIDR format + // Note that IPV6 dual addresses are not permitted + // +kubebuilder:validation:MaxLength=48 + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 6",message="Subnet must be in valid IPV6 CIDR format" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 125",message="subnet must be in the range /0 to /125 inclusive" + // +optional + InternalJoinSubnet string `json:"internalJoinSubnet,omitempty"` } type HybridOverlayConfig struct { @@ -500,11 +577,9 @@ type IPv4GatewayConfig struct { // The current default subnet is 169.254.169.0/29 // The value must be in proper IPV4 CIDR format // +kubebuilder:validation:MaxLength=18 - // +kubebuilder:validation:XValidation:rule="self.indexOf('/') == self.lastIndexOf('/')",message="CIDR format must contain exactly one '/'" - // +kubebuilder:validation:XValidation:rule="[int(self.split('/')[1])].all(x, x <= 29 && x >= 0)",message="subnet must be in the range /0 to /29 inclusive" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split('.').size() == 4",message="a valid IPv4 address must contain 4 octets" - // +kubebuilder:validation:XValidation:rule="[self.findAll('[0-9]+')[0]].all(x, x != '0' && int(x) <= 255 && !x.startsWith('0'))",message="first IP address octet must not contain leading zeros, must be greater than 0 and less or equal to 255" - // +kubebuilder:validation:XValidation:rule="[self.findAll('[0-9]+')[1], self.findAll('[0-9]+')[2], self.findAll('[0-9]+')[3]].all(x, int(x) <= 255 && (x == '0' || !x.startsWith('0')))",message="IP address octets must not contain leading zeros, and must be less or equal to 255" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 4",message="Subnet must be in valid IPV4 CIDR format" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 29",message="subnet must be in the range /0 to /29 inclusive" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && int(self.split('.')[0]) > 0",message="first IP address octet must not be 0" // +optional InternalMasqueradeSubnet string `json:"internalMasqueradeSubnet,omitempty"` } @@ -520,19 +595,8 @@ type IPv6GatewayConfig struct { // When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. // The current default subnet is fd69::/125 // Note that IPV6 dual addresses are not permitted - // +kubebuilder:validation:XValidation:rule="self.indexOf('/') == self.lastIndexOf('/')",message="CIDR format must contain exactly one '/'" - // +kubebuilder:validation:XValidation:rule="self.split('/').size() == 2 && [int(self.split('/')[1])].all(x, x <= 125 && x >= 0)",message="subnet must be in the range /0 to /125 inclusive" - // +kubebuilder:validation:XValidation:rule="self.indexOf('::') == self.lastIndexOf('::')",message="IPv6 addresses must contain at most one '::' and may only be shortened once" - // +kubebuilder:validation:XValidation:rule="self.contains('::') ? self.split('/')[0].split(':').size() <= 8 : self.split('/')[0].split(':').size() == 8",message="a valid IPv6 address must contain 8 segments unless elided (::), in which case it must contain at most 6 non-empty segments" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=1 ? [self.split('/')[0].split(':', 8)[0]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 1" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=2 ? [self.split('/')[0].split(':', 8)[1]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 2" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=3 ? [self.split('/')[0].split(':', 8)[2]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 3" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=4 ? [self.split('/')[0].split(':', 8)[3]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 4" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=5 ? [self.split('/')[0].split(':', 8)[4]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 5" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=6 ? [self.split('/')[0].split(':', 8)[5]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 6" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=7 ? [self.split('/')[0].split(':', 8)[6]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 7" - // +kubebuilder:validation:XValidation:rule="self.split('/')[0].split(':').size() >=8 ? [self.split('/')[0].split(':', 8)[7]].all(x, x == '' || (x.matches('^[0-9A-Fa-f]{1,4}$')) && size(x)<5 ) : true",message="each segment of an IPv6 address must be a hexadecimal number between 0 and FFFF, failed on segment 8" - // +kubebuilder:validation:XValidation:rule="!self.contains('.')",message="IPv6 dual addresses are not permitted, value should not contain `.` characters" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).ip().family() == 6",message="Subnet must be in valid IPV6 CIDR format" + // +kubebuilder:validation:XValidation:rule="isCIDR(self) && cidr(self).prefixLength() <= 125",message="subnet must be in the range /0 to /125 inclusive" // +optional InternalMasqueradeSubnet string `json:"internalMasqueradeSubnet,omitempty"` } diff --git a/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go b/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go index c0835b6ac58..3ae83e69487 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_openshiftapiserver.go @@ -11,7 +11,7 @@ import ( // +kubebuilder:resource:path=openshiftapiservers,scope=Cluster,categories=coreoperators // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 -// +openshift:file-pattern=0000_30_openshift-apiserver-operator_01_configMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_30,operatorName=openshift-apiserver,operatorOrdering=01 // OpenShiftAPIServer provides information to configure an operator to manage openshift-apiserver. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_openshiftcontrollermanager.go b/vendor/github.com/openshift/api/operator/v1/types_openshiftcontrollermanager.go index 48c2b52abd3..8e8929a903e 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_openshiftcontrollermanager.go +++ b/vendor/github.com/openshift/api/operator/v1/types_openshiftcontrollermanager.go @@ -11,7 +11,7 @@ import ( // +kubebuilder:resource:path=openshiftcontrollermanagers,scope=Cluster,categories=coreoperators // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 -// +openshift:file-pattern=0000_50_cluster-openshift-controller-manager-operator_02_configMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=openshift-controller-manager,operatorOrdering=02 // OpenShiftControllerManager provides information to configure an operator to manage openshift-controller-manager. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_scheduler.go b/vendor/github.com/openshift/api/operator/v1/types_scheduler.go index f91a9480d8f..448c458c199 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_scheduler.go +++ b/vendor/github.com/openshift/api/operator/v1/types_scheduler.go @@ -11,7 +11,7 @@ import ( // +kubebuilder:resource:path=kubeschedulers,scope=Cluster,categories=coreoperators // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 -// +openshift:file-pattern=0000_25_kube-scheduler-operator_01_configMARKERS.crd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_25,operatorName=kube-scheduler,operatorOrdering=01 // KubeScheduler provides information to configure an operator to manage scheduler. // diff --git a/vendor/github.com/openshift/api/operator/v1/types_serviceca.go b/vendor/github.com/openshift/api/operator/v1/types_serviceca.go index 9be7fe0f835..e4d8d1d7ad9 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_serviceca.go +++ b/vendor/github.com/openshift/api/operator/v1/types_serviceca.go @@ -11,7 +11,7 @@ import ( // +kubebuilder:resource:path=servicecas,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/475 -// +openshift:file-pattern=0000_50_service-ca-operator_02_MARKERScrd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=service-ca,operatorOrdering=02 // ServiceCA provides information to configure an operator to manage the service cert controllers // diff --git a/vendor/github.com/openshift/api/operator/v1/types_storage.go b/vendor/github.com/openshift/api/operator/v1/types_storage.go index 719b7eedec6..aa48b0c84f2 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_storage.go +++ b/vendor/github.com/openshift/api/operator/v1/types_storage.go @@ -11,7 +11,7 @@ import ( // +kubebuilder:resource:path=storages,scope=Cluster // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/670 -// +openshift:file-pattern=0000_50_cluster_storage_operator_01_MARKERScrd.yaml +// +openshift:file-pattern=cvoRunLevel=0000_50,operatorName=storage,operatorOrdering=01 // Storage provides a means to configure an operator to manage the cluster storage operator. `cluster` is the canonical name. // diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index aa05f328d62..d41982f2a26 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -1798,6 +1798,22 @@ func (in *IPv4GatewayConfig) DeepCopy() *IPv4GatewayConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPv4OVNKubernetesConfig) DeepCopyInto(out *IPv4OVNKubernetesConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv4OVNKubernetesConfig. +func (in *IPv4OVNKubernetesConfig) DeepCopy() *IPv4OVNKubernetesConfig { + if in == nil { + return nil + } + out := new(IPv4OVNKubernetesConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IPv6GatewayConfig) DeepCopyInto(out *IPv6GatewayConfig) { *out = *in @@ -1814,6 +1830,22 @@ func (in *IPv6GatewayConfig) DeepCopy() *IPv6GatewayConfig { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IPv6OVNKubernetesConfig) DeepCopyInto(out *IPv6OVNKubernetesConfig) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IPv6OVNKubernetesConfig. +func (in *IPv6OVNKubernetesConfig) DeepCopy() *IPv6OVNKubernetesConfig { + if in == nil { + return nil + } + out := new(IPv6OVNKubernetesConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressController) DeepCopyInto(out *IngressController) { *out = *in @@ -2236,6 +2268,11 @@ func (in *IngressControllerTuningOptions) DeepCopyInto(out *IngressControllerTun *out = new(metav1.Duration) **out = **in } + if in.ConnectTimeout != nil { + in, out := &in.ConnectTimeout, &out.ConnectTimeout + *out = new(metav1.Duration) + **out = **in + } if in.TLSInspectDelay != nil { in, out := &in.TLSInspectDelay, &out.TLSInspectDelay *out = new(metav1.Duration) @@ -2936,6 +2973,7 @@ func (in *MachineConfigurationSpec) DeepCopyInto(out *MachineConfigurationSpec) *out = *in in.StaticPodOperatorSpec.DeepCopyInto(&out.StaticPodOperatorSpec) in.ManagedBootImages.DeepCopyInto(&out.ManagedBootImages) + in.NodeDisruptionPolicy.DeepCopyInto(&out.NodeDisruptionPolicy) return } @@ -2953,6 +2991,7 @@ func (in *MachineConfigurationSpec) DeepCopy() *MachineConfigurationSpec { func (in *MachineConfigurationStatus) DeepCopyInto(out *MachineConfigurationStatus) { *out = *in in.StaticPodOperatorStatus.DeepCopyInto(&out.StaticPodOperatorStatus) + in.NodeDisruptionPolicyStatus.DeepCopyInto(&out.NodeDisruptionPolicyStatus) return } @@ -3271,6 +3310,275 @@ func (in *NetworkStatus) DeepCopy() *NetworkStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyClusterStatus) DeepCopyInto(out *NodeDisruptionPolicyClusterStatus) { + *out = *in + if in.Files != nil { + in, out := &in.Files, &out.Files + *out = make([]NodeDisruptionPolicyStatusFile, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Units != nil { + in, out := &in.Units, &out.Units + *out = make([]NodeDisruptionPolicyStatusUnit, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.SSHKey.DeepCopyInto(&out.SSHKey) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyClusterStatus. +func (in *NodeDisruptionPolicyClusterStatus) DeepCopy() *NodeDisruptionPolicyClusterStatus { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyClusterStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyConfig) DeepCopyInto(out *NodeDisruptionPolicyConfig) { + *out = *in + if in.Files != nil { + in, out := &in.Files, &out.Files + *out = make([]NodeDisruptionPolicySpecFile, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Units != nil { + in, out := &in.Units, &out.Units + *out = make([]NodeDisruptionPolicySpecUnit, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + in.SSHKey.DeepCopyInto(&out.SSHKey) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyConfig. +func (in *NodeDisruptionPolicyConfig) DeepCopy() *NodeDisruptionPolicyConfig { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicySpecAction) DeepCopyInto(out *NodeDisruptionPolicySpecAction) { + *out = *in + if in.Reload != nil { + in, out := &in.Reload, &out.Reload + *out = new(ReloadService) + **out = **in + } + if in.Restart != nil { + in, out := &in.Restart, &out.Restart + *out = new(RestartService) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicySpecAction. +func (in *NodeDisruptionPolicySpecAction) DeepCopy() *NodeDisruptionPolicySpecAction { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicySpecAction) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicySpecFile) DeepCopyInto(out *NodeDisruptionPolicySpecFile) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicySpecAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicySpecFile. +func (in *NodeDisruptionPolicySpecFile) DeepCopy() *NodeDisruptionPolicySpecFile { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicySpecFile) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicySpecSSHKey) DeepCopyInto(out *NodeDisruptionPolicySpecSSHKey) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicySpecAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicySpecSSHKey. +func (in *NodeDisruptionPolicySpecSSHKey) DeepCopy() *NodeDisruptionPolicySpecSSHKey { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicySpecSSHKey) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicySpecUnit) DeepCopyInto(out *NodeDisruptionPolicySpecUnit) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicySpecAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicySpecUnit. +func (in *NodeDisruptionPolicySpecUnit) DeepCopy() *NodeDisruptionPolicySpecUnit { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicySpecUnit) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyStatus) DeepCopyInto(out *NodeDisruptionPolicyStatus) { + *out = *in + in.ClusterPolicies.DeepCopyInto(&out.ClusterPolicies) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatus. +func (in *NodeDisruptionPolicyStatus) DeepCopy() *NodeDisruptionPolicyStatus { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyStatusAction) DeepCopyInto(out *NodeDisruptionPolicyStatusAction) { + *out = *in + if in.Reload != nil { + in, out := &in.Reload, &out.Reload + *out = new(ReloadService) + **out = **in + } + if in.Restart != nil { + in, out := &in.Restart, &out.Restart + *out = new(RestartService) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatusAction. +func (in *NodeDisruptionPolicyStatusAction) DeepCopy() *NodeDisruptionPolicyStatusAction { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatusAction) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyStatusFile) DeepCopyInto(out *NodeDisruptionPolicyStatusFile) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicyStatusAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatusFile. +func (in *NodeDisruptionPolicyStatusFile) DeepCopy() *NodeDisruptionPolicyStatusFile { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatusFile) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyStatusSSHKey) DeepCopyInto(out *NodeDisruptionPolicyStatusSSHKey) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicyStatusAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatusSSHKey. +func (in *NodeDisruptionPolicyStatusSSHKey) DeepCopy() *NodeDisruptionPolicyStatusSSHKey { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatusSSHKey) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NodeDisruptionPolicyStatusUnit) DeepCopyInto(out *NodeDisruptionPolicyStatusUnit) { + *out = *in + if in.Actions != nil { + in, out := &in.Actions, &out.Actions + *out = make([]NodeDisruptionPolicyStatusAction, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeDisruptionPolicyStatusUnit. +func (in *NodeDisruptionPolicyStatusUnit) DeepCopy() *NodeDisruptionPolicyStatusUnit { + if in == nil { + return nil + } + out := new(NodeDisruptionPolicyStatusUnit) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NodePlacement) DeepCopyInto(out *NodePlacement) { *out = *in @@ -3390,6 +3698,16 @@ func (in *OVNKubernetesConfig) DeepCopyInto(out *OVNKubernetesConfig) { **out = **in } in.EgressIPConfig.DeepCopyInto(&out.EgressIPConfig) + if in.IPv4 != nil { + in, out := &in.IPv4, &out.IPv4 + *out = new(IPv4OVNKubernetesConfig) + **out = **in + } + if in.IPv6 != nil { + in, out := &in.IPv6, &out.IPv6 + *out = new(IPv6OVNKubernetesConfig) + **out = **in + } return } @@ -3947,6 +4265,22 @@ func (in *QuickStarts) DeepCopy() *QuickStarts { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReloadService) DeepCopyInto(out *ReloadService) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReloadService. +func (in *ReloadService) DeepCopy() *ReloadService { + if in == nil { + return nil + } + out := new(ReloadService) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ResourceAttributesAccessReview) DeepCopyInto(out *ResourceAttributesAccessReview) { *out = *in @@ -3973,6 +4307,22 @@ func (in *ResourceAttributesAccessReview) DeepCopy() *ResourceAttributesAccessRe return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RestartService) DeepCopyInto(out *RestartService) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RestartService. +func (in *RestartService) DeepCopy() *RestartService { + if in == nil { + return nil + } + out := new(RestartService) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RouteAdmissionPolicy) DeepCopyInto(out *RouteAdmissionPolicy) { *out = *in @@ -4661,6 +5011,21 @@ func (in *VSphereCSIDriverConfigSpec) DeepCopyInto(out *VSphereCSIDriverConfigSp *out = make([]string, len(*in)) copy(*out, *in) } + if in.GlobalMaxSnapshotsPerBlockVolume != nil { + in, out := &in.GlobalMaxSnapshotsPerBlockVolume, &out.GlobalMaxSnapshotsPerBlockVolume + *out = new(uint32) + **out = **in + } + if in.GranularMaxSnapshotsPerBlockVolumeInVSAN != nil { + in, out := &in.GranularMaxSnapshotsPerBlockVolumeInVSAN, &out.GranularMaxSnapshotsPerBlockVolumeInVSAN + *out = new(uint32) + **out = **in + } + if in.GranularMaxSnapshotsPerBlockVolumeInVVOL != nil { + in, out := &in.GranularMaxSnapshotsPerBlockVolumeInVVOL, &out.GranularMaxSnapshotsPerBlockVolumeInVVOL + *out = new(uint32) + **out = **in + } return } diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml index 0374c7021a9..22992a02a04 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.featuregated-crd-manifests.yaml @@ -1,12 +1,14 @@ authentications.operator.openshift.io: Annotations: include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" ApprovedPRNumber: https://github.com/openshift/api/pull/475 CRDName: authentications.operator.openshift.io Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: authentication + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_50" GroupName: operator.openshift.io HasStatus: true KindName: Authentication @@ -15,7 +17,6 @@ authentications.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_50_cluster-authentication-operator_01_configMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -26,6 +27,9 @@ csisnapshotcontrollers.operator.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: csi-snapshot-controller + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" GroupName: operator.openshift.io HasStatus: true KindName: CSISnapshotController @@ -34,7 +38,6 @@ csisnapshotcontrollers.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_80_csi_snapshot_controller_operator_01_MARKERScrd.yaml TopLevelFeatureGates: [] Version: v1 @@ -45,6 +48,9 @@ cloudcredentials.operator.openshift.io: Capability: CloudCredential Category: "" FeatureGates: [] + FilenameOperatorName: cloud-credential + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_40" GroupName: operator.openshift.io HasStatus: true KindName: CloudCredential @@ -53,7 +59,6 @@ cloudcredentials.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_40_cloud-credential-operator_00_configMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -63,7 +68,11 @@ clustercsidrivers.operator.openshift.io: CRDName: clustercsidrivers.operator.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - VSphereDriverConfiguration + FilenameOperatorName: csi-driver + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_90" GroupName: operator.openshift.io HasStatus: true KindName: ClusterCSIDriver @@ -72,7 +81,6 @@ clustercsidrivers.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_90_cluster_csi_driver_01_configMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -83,6 +91,9 @@ configs.operator.openshift.io: Capability: "" Category: coreoperators FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" GroupName: operator.openshift.io HasStatus: true KindName: Config @@ -91,7 +102,6 @@ configs.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_10_config-operator_01_configMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -102,6 +112,9 @@ consoles.operator.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: console + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_50" GroupName: operator.openshift.io HasStatus: true KindName: Console @@ -110,7 +123,6 @@ consoles.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 00_console-operatorMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -121,6 +133,9 @@ dnses.operator.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: dns + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_70" GroupName: operator.openshift.io HasStatus: true KindName: DNS @@ -129,7 +144,6 @@ dnses.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_70_dns-operator_00MARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -141,6 +155,9 @@ etcds.operator.openshift.io: Category: coreoperators FeatureGates: - HardwareSpeed + FilenameOperatorName: etcd + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_12" GroupName: operator.openshift.io HasStatus: true KindName: Etcd @@ -149,7 +166,6 @@ etcds.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_12_etcd-operator_01_configMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -160,6 +176,9 @@ ingresscontrollers.operator.openshift.io: Capability: Ingress Category: "" FeatureGates: [] + FilenameOperatorName: ingress + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_50" GroupName: operator.openshift.io HasStatus: true KindName: IngressController @@ -168,7 +187,6 @@ ingresscontrollers.operator.openshift.io: PrinterColumns: [] Scope: Namespaced ShortNames: null - TargetFilenamePattern: 0000_50_ingress-operator_00-ingresscontrollerMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -179,6 +197,9 @@ insightsoperators.operator.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: insights + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_50" GroupName: operator.openshift.io HasStatus: true KindName: InsightsOperator @@ -187,7 +208,6 @@ insightsoperators.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_50_insights-operator_00-insightsoperatorMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -198,6 +218,9 @@ kubeapiservers.operator.openshift.io: Capability: "" Category: coreoperators FeatureGates: [] + FilenameOperatorName: kube-apiserver + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_20" GroupName: operator.openshift.io HasStatus: true KindName: KubeAPIServer @@ -206,7 +229,6 @@ kubeapiservers.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_20_kube-apiserver-operator_01_configMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -217,6 +239,9 @@ kubecontrollermanagers.operator.openshift.io: Capability: "" Category: coreoperators FeatureGates: [] + FilenameOperatorName: kube-controller-manager + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_25" GroupName: operator.openshift.io HasStatus: true KindName: KubeControllerManager @@ -225,7 +250,6 @@ kubecontrollermanagers.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_25_kube-controller-manager-operator_01_configMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -236,6 +260,9 @@ kubeschedulers.operator.openshift.io: Capability: "" Category: coreoperators FeatureGates: [] + FilenameOperatorName: kube-scheduler + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_25" GroupName: operator.openshift.io HasStatus: true KindName: KubeScheduler @@ -244,7 +271,6 @@ kubeschedulers.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_25_kube-scheduler-operator_01_configMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -255,6 +281,9 @@ kubestorageversionmigrators.operator.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: kube-storage-version-migrator + FilenameOperatorOrdering: "00" + FilenameRunLevel: "0000_40" GroupName: operator.openshift.io HasStatus: true KindName: KubeStorageVersionMigrator @@ -263,7 +292,6 @@ kubestorageversionmigrators.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_40_kube-storage-version-migrator-operator_00_configMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -275,6 +303,10 @@ machineconfigurations.operator.openshift.io: Category: "" FeatureGates: - ManagedBootImages + - NodeDisruptionPolicy + FilenameOperatorName: machine-config + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_80" GroupName: operator.openshift.io HasStatus: true KindName: MachineConfiguration @@ -283,20 +315,21 @@ machineconfigurations.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_80_machine-config-operator_01_configMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 networks.operator.openshift.io: Annotations: include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" ApprovedPRNumber: https://github.com/openshift/api/pull/475 CRDName: networks.operator.openshift.io Capability: "" Category: "" FeatureGates: - NetworkLiveMigration + FilenameOperatorName: network + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_70" GroupName: operator.openshift.io HasStatus: false KindName: Network @@ -305,7 +338,6 @@ networks.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_70_cluster-network-operator_01MARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -316,6 +348,9 @@ openshiftapiservers.operator.openshift.io: Capability: "" Category: coreoperators FeatureGates: [] + FilenameOperatorName: openshift-apiserver + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_30" GroupName: operator.openshift.io HasStatus: true KindName: OpenShiftAPIServer @@ -324,7 +359,6 @@ openshiftapiservers.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_30_openshift-apiserver-operator_01_configMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -335,6 +369,9 @@ openshiftcontrollermanagers.operator.openshift.io: Capability: "" Category: coreoperators FeatureGates: [] + FilenameOperatorName: openshift-controller-manager + FilenameOperatorOrdering: "02" + FilenameRunLevel: "0000_50" GroupName: operator.openshift.io HasStatus: true KindName: OpenShiftControllerManager @@ -343,7 +380,6 @@ openshiftcontrollermanagers.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_50_cluster-openshift-controller-manager-operator_02_configMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 @@ -354,6 +390,9 @@ servicecas.operator.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: service-ca + FilenameOperatorOrdering: "02" + FilenameRunLevel: "0000_50" GroupName: operator.openshift.io HasStatus: true KindName: ServiceCA @@ -362,7 +401,6 @@ servicecas.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_50_service-ca-operator_02_MARKERScrd.yaml TopLevelFeatureGates: [] Version: v1 @@ -373,6 +411,9 @@ storages.operator.openshift.io: Capability: "" Category: "" FeatureGates: [] + FilenameOperatorName: storage + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_50" GroupName: operator.openshift.io HasStatus: true KindName: Storage @@ -381,7 +422,6 @@ storages.operator.openshift.io: PrinterColumns: [] Scope: Cluster ShortNames: null - TargetFilenamePattern: 0000_50_cluster_storage_operator_01_MARKERScrd.yaml TopLevelFeatureGates: [] Version: v1 diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index 1ff3042672d..81d4ce91e52 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -501,8 +501,11 @@ func (IBMCloudCSIDriverConfigSpec) SwaggerDoc() map[string]string { } var map_VSphereCSIDriverConfigSpec = map[string]string{ - "": "VSphereCSIDriverConfigSpec defines properties that can be configured for vsphere CSI driver.", - "topologyCategories": "topologyCategories indicates tag categories with which vcenter resources such as hostcluster or datacenter were tagged with. If cluster Infrastructure object has a topology, values specified in Infrastructure object will be used and modifications to topologyCategories will be rejected.", + "": "VSphereCSIDriverConfigSpec defines properties that can be configured for vsphere CSI driver.", + "topologyCategories": "topologyCategories indicates tag categories with which vcenter resources such as hostcluster or datacenter were tagged with. If cluster Infrastructure object has a topology, values specified in Infrastructure object will be used and modifications to topologyCategories will be rejected.", + "globalMaxSnapshotsPerBlockVolume": "globalMaxSnapshotsPerBlockVolume is a global configuration parameter that applies to volumes on all kinds of datastores. If omitted, the platform chooses a default, which is subject to change over time, currently that default is 3. Snapshots can not be disabled using this parameter. Increasing number of snapshots above 3 can have negative impact on performance, for more details see: https://kb.vmware.com/s/article/1025279 Volume snapshot documentation: https://docs.vmware.com/en/VMware-vSphere-Container-Storage-Plug-in/3.0/vmware-vsphere-csp-getting-started/GUID-E0B41C69-7EEB-450F-A73D-5FD2FF39E891.html", + "granularMaxSnapshotsPerBlockVolumeInVSAN": "granularMaxSnapshotsPerBlockVolumeInVSAN is a granular configuration parameter on vSAN datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VSAN can not be disabled using this parameter.", + "granularMaxSnapshotsPerBlockVolumeInVVOL": "granularMaxSnapshotsPerBlockVolumeInVVOL is a granular configuration parameter on Virtual Volumes datastore only. It overrides GlobalMaxSnapshotsPerBlockVolume if set, while it falls back to the global constraint if unset. Snapshots for VVOL can not be disabled using this parameter.", } func (VSphereCSIDriverConfigSpec) SwaggerDoc() map[string]string { @@ -999,6 +1002,7 @@ var map_IngressControllerTuningOptions = map[string]string{ "serverTimeout": "serverTimeout defines how long a connection will be held open while waiting for a server/backend response.\n\nIf unset, the default timeout is 30s", "serverFinTimeout": "serverFinTimeout defines how long a connection will be held open while waiting for the server/backend response to the client closing the connection.\n\nIf unset, the default timeout is 1s", "tunnelTimeout": "tunnelTimeout defines how long a tunnel connection (including websockets) will be held open while the tunnel is idle.\n\nIf unset, the default timeout is 1h", + "connectTimeout": "ConnectTimeout defines the maximum time to wait for a connection attempt to a server/backend to succeed.\n\nThis field expects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, e.g. \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nWhen omitted, this means the user has no opinion and the platform is left to choose a reasonable default. This default is subject to change over time. The current default is 5s.", "tlsInspectDelay": "tlsInspectDelay defines how long the router can hold data to find a matching route.\n\nSetting this too short can cause the router to fall back to the default certificate for edge-terminated or reencrypt routes even when a better matching certificate could be used.\n\nIf unset, the default inspect delay is 5s", "healthCheckInterval": "healthCheckInterval defines how long the router waits between two consecutive health checks on its configured backends. This value is applied globally as a default for all routes, but may be overridden per-route by the route annotation \"router.openshift.io/haproxy.health.check.interval\".\n\nExpects an unsigned duration string of decimal numbers, each with optional fraction and a unit suffix, eg \"300ms\", \"1.5h\" or \"2h45m\". Valid time units are \"ns\", \"us\" (or \"µs\" U+00B5 or \"μs\" U+03BC), \"ms\", \"s\", \"m\", \"h\".\n\nSetting this to less than 5s can cause excess traffic due to too frequent TCP health checks and accompanying SYN packet storms. Alternatively, setting this too high can result in increased latency, due to backend servers that are no longer available, but haven't yet been detected as such.\n\nAn empty or zero healthCheckInterval means no opinion and IngressController chooses a default, which is subject to change over time. Currently the default healthCheckInterval value is 5s.\n\nCurrently the minimum allowed value is 1s and the maximum allowed value is 2147483647ms (24.85 days). Both are subject to change over time.", "maxConnections": "maxConnections defines the maximum number of simultaneous connections that can be established per HAProxy process. Increasing this value allows each ingress controller pod to handle more connections but at the cost of additional system resources being consumed.\n\nPermitted values are: empty, 0, -1, and the range 2000-2000000.\n\nIf this field is empty or 0, the IngressController will use the default value of 50000, but the default is subject to change in future releases.\n\nIf the value is -1 then HAProxy will dynamically compute a maximum value based on the available ulimits in the running container. Selecting -1 (i.e., auto) will result in a large value being computed (~520000 on OpenShift >=4.10 clusters) and therefore each HAProxy process will incur significant memory usage compared to the current default of 50000.\n\nSetting a value that is greater than the current operating system limit will prevent the HAProxy process from starting.\n\nIf you choose a discrete value (e.g., 750000) and the router pod is migrated to a new node, there's no guarantee that that new node has identical ulimits configured. In such a scenario the pod would fail to start. If you have nodes with different ulimits configured (e.g., different tuned profiles) and you choose a discrete value then the guidance is to use -1 and let the value be computed dynamically at runtime.\n\nYou can monitor memory usage for router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}'.\n\nYou can monitor memory usage of individual HAProxy processes in router containers with the following metric: 'container_memory_working_set_bytes{container=\"router\",namespace=\"openshift-ingress\"}/container_processes{container=\"router\",namespace=\"openshift-ingress\"}'.", @@ -1275,13 +1279,22 @@ func (MachineConfigurationList) SwaggerDoc() map[string]string { } var map_MachineConfigurationSpec = map[string]string{ - "managedBootImages": "managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, no boot images will be updated.", + "managedBootImages": "managedBootImages allows configuration for the management of boot images for machine resources within the cluster. This configuration allows users to select resources that should be updated to the latest boot images during cluster upgrades, ensuring that new machines always boot with the current cluster version's boot image. When omitted, no boot images will be updated.", + "nodeDisruptionPolicy": "nodeDisruptionPolicy allows an admin to set granular node disruption actions for MachineConfig-based updates, such as drains, service reloads, etc. Specifying this will allow for less downtime when doing small configuration updates to the cluster. This configuration has no effect on cluster upgrades which will still incur node disruption where required.", } func (MachineConfigurationSpec) SwaggerDoc() map[string]string { return map_MachineConfigurationSpec } +var map_MachineConfigurationStatus = map[string]string{ + "nodeDisruptionPolicyStatus": "nodeDisruptionPolicyStatus status reflects what the latest cluster-validated policies are, and will be used by the Machine Config Daemon during future node updates.", +} + +func (MachineConfigurationStatus) SwaggerDoc() map[string]string { + return map_MachineConfigurationStatus +} + var map_MachineManager = map[string]string{ "": "MachineManager describes a target machine resource that is registered for boot image updates. It stores identifying information such as the resource type and the API Group of the resource. It also provides granular control via the selection field.", "resource": "resource is the machine management resource's type. The only current valid value is machinesets. machinesets means that the machine manager will only register resources of the kind MachineSet.", @@ -1310,6 +1323,114 @@ func (ManagedBootImages) SwaggerDoc() map[string]string { return map_ManagedBootImages } +var map_NodeDisruptionPolicyClusterStatus = map[string]string{ + "": "NodeDisruptionPolicyClusterStatus is the type for the status object, rendered by the controller as a merge of cluster defaults and user provided policies", + "files": "files is a list of MachineConfig file definitions and actions to take to changes on those paths", + "units": "units is a list MachineConfig unit definitions and actions to take on changes to those services", + "sshkey": "sshkey is the overall sshkey MachineConfig definition", +} + +func (NodeDisruptionPolicyClusterStatus) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyClusterStatus +} + +var map_NodeDisruptionPolicyConfig = map[string]string{ + "": "NodeDisruptionPolicyConfig is the overall spec definition for files/units/sshkeys", + "files": "files is a list of MachineConfig file definitions and actions to take to changes on those paths This list supports a maximum of 50 entries.", + "units": "units is a list MachineConfig unit definitions and actions to take on changes to those services This list supports a maximum of 50 entries.", + "sshkey": "sshkey maps to the ignition.sshkeys field in the MachineConfig object, definition an action for this will apply to all sshkey changes in the cluster", +} + +func (NodeDisruptionPolicyConfig) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyConfig +} + +var map_NodeDisruptionPolicySpecAction = map[string]string{ + "type": "type represents the commands that will be carried out if this NodeDisruptionPolicySpecActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload and None. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration", + "reload": "reload specifies the service to reload, only valid if type is reload", + "restart": "restart specifies the service to restart, only valid if type is restart", +} + +func (NodeDisruptionPolicySpecAction) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicySpecAction +} + +var map_NodeDisruptionPolicySpecFile = map[string]string{ + "": "NodeDisruptionPolicySpecFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", + "path": "path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicySpecFile) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicySpecFile +} + +var map_NodeDisruptionPolicySpecSSHKey = map[string]string{ + "": "NodeDisruptionPolicySpecSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyConfig object", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicySpecSSHKey) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicySpecSSHKey +} + +var map_NodeDisruptionPolicySpecUnit = map[string]string{ + "": "NodeDisruptionPolicySpecUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyConfig object", + "name": "name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicySpecUnit) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicySpecUnit +} + +var map_NodeDisruptionPolicyStatus = map[string]string{ + "clusterPolicies": "clusterPolicies is a merge of cluster default and user provided node disruption policies.", +} + +func (NodeDisruptionPolicyStatus) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatus +} + +var map_NodeDisruptionPolicyStatusAction = map[string]string{ + "type": "type represents the commands that will be carried out if this NodeDisruptionPolicyStatusActionType is executed Valid values are Reboot, Drain, Reload, Restart, DaemonReload, None and Special. reload/restart requires a corresponding service target specified in the reload/restart field. Other values require no further configuration", + "reload": "reload specifies the service to reload, only valid if type is reload", + "restart": "restart specifies the service to restart, only valid if type is restart", +} + +func (NodeDisruptionPolicyStatusAction) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatusAction +} + +var map_NodeDisruptionPolicyStatusFile = map[string]string{ + "": "NodeDisruptionPolicyStatusFile is a file entry and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", + "path": "path is the location of a file being managed through a MachineConfig. The Actions in the policy will apply to changes to the file at this path.", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicyStatusFile) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatusFile +} + +var map_NodeDisruptionPolicyStatusSSHKey = map[string]string{ + "": "NodeDisruptionPolicyStatusSSHKey is actions to take for any SSHKey change and is used in the NodeDisruptionPolicyClusterStatus object", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicyStatusSSHKey) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatusSSHKey +} + +var map_NodeDisruptionPolicyStatusUnit = map[string]string{ + "": "NodeDisruptionPolicyStatusUnit is a systemd unit name and corresponding actions to take and is used in the NodeDisruptionPolicyClusterStatus object", + "name": "name represents the service name of a systemd service managed through a MachineConfig Actions specified will be applied for changes to the named service. Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", + "actions": "actions represents the series of commands to be executed on changes to the file at the corresponding file path. Actions will be applied in the order that they are set in this list. If there are other incoming changes to other MachineConfig entries in the same update that require a reboot, the reboot will supercede these actions. Valid actions are Reboot, Drain, Reload, DaemonReload and None. The Reboot action and the None action cannot be used in conjunction with any of the other actions. This list supports a maximum of 10 entries.", +} + +func (NodeDisruptionPolicyStatusUnit) SwaggerDoc() map[string]string { + return map_NodeDisruptionPolicyStatusUnit +} + var map_PartialSelector = map[string]string{ "": "PartialSelector provides label selector(s) that can be used to match machine management resources.", "machineResourceSelector": "machineResourceSelector is a label selector that can be used to select machine resources like MachineSets.", @@ -1319,6 +1440,24 @@ func (PartialSelector) SwaggerDoc() map[string]string { return map_PartialSelector } +var map_ReloadService = map[string]string{ + "": "ReloadService allows the user to specify the services to be reloaded", + "serviceName": "serviceName is the full name (e.g. crio.service) of the service to be reloaded Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", +} + +func (ReloadService) SwaggerDoc() map[string]string { + return map_ReloadService +} + +var map_RestartService = map[string]string{ + "": "RestartService allows the user to specify the services to be restarted", + "serviceName": "serviceName is the full name (e.g. crio.service) of the service to be restarted Service names should be of the format ${NAME}${SERVICETYPE} and can up to 255 characters long. ${NAME} must be atleast 1 character long and can only consist of alphabets, digits, \":\", \"-\", \"_\", \".\", and \"\". ${SERVICETYPE} must be one of \".service\", \".socket\", \".device\", \".mount\", \".automount\", \".swap\", \".target\", \".path\", \".timer\", \".snapshot\", \".slice\" or \".scope\".", +} + +func (RestartService) SwaggerDoc() map[string]string { + return map_RestartService +} + var map_AdditionalNetworkDefinition = map[string]string{ "": "AdditionalNetworkDefinition configures an extra network that is available but not created by default. Instead, pods must request them by name. type must be specified, along with exactly one \"Config\" that matches the type.", "type": "type is the type of network The supported values are NetworkTypeRaw, NetworkTypeSimpleMacvlan", @@ -1436,6 +1575,15 @@ func (IPv4GatewayConfig) SwaggerDoc() map[string]string { return map_IPv4GatewayConfig } +var map_IPv4OVNKubernetesConfig = map[string]string{ + "internalTransitSwitchSubnet": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value cannot be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is 100.88.0.0/16 The subnet must be large enough to accomadate one IP per node in your cluster The value must be in proper IPV4 CIDR format", + "internalJoinSubnet": "internalJoinSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The current default value is 100.64.0.0/16 The subnet must be large enough to accomadate one IP per node in your cluster The value must be in proper IPV4 CIDR format", +} + +func (IPv4OVNKubernetesConfig) SwaggerDoc() map[string]string { + return map_IPv4OVNKubernetesConfig +} + var map_IPv6GatewayConfig = map[string]string{ "": "IPV6GatewayConfig holds the configuration paramaters for IPV6 connections in the GatewayConfig for OVN-Kubernetes", "internalMasqueradeSubnet": "internalMasqueradeSubnet contains the masquerade addresses in IPV6 CIDR format used internally by ovn-kubernetes to enable host to service traffic. Each host in the cluster is configured with these addresses, as well as the shared gateway bridge interface. The values can be changed after installation. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. Additionally the subnet must be large enough to accommodate 6 IPs (maximum prefix length /125). When omitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The current default subnet is fd69::/125 Note that IPV6 dual addresses are not permitted", @@ -1445,6 +1593,15 @@ func (IPv6GatewayConfig) SwaggerDoc() map[string]string { return map_IPv6GatewayConfig } +var map_IPv6OVNKubernetesConfig = map[string]string{ + "internalTransitSwitchSubnet": "internalTransitSwitchSubnet is a v4 subnet in IPV4 CIDR format used internally by OVN-Kubernetes for the distributed transit switch in the OVN Interconnect architecture that connects the cluster routers on each node together to enable east west traffic. The subnet chosen should not overlap with other networks specified for OVN-Kubernetes as well as other networks used on the host. The value cannot be changed after installation. When ommitted, this means no opinion and the platform is left to choose a reasonable default which is subject to change over time. The subnet must be large enough to accomadate one IP per node in your cluster The current default subnet is fd97::/64 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", + "internalJoinSubnet": "internalJoinSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. The subnet must be large enough to accomadate one IP per node in your cluster The current default value is fd98::/48 The value must be in proper IPV6 CIDR format Note that IPV6 dual addresses are not permitted", +} + +func (IPv6OVNKubernetesConfig) SwaggerDoc() map[string]string { + return map_IPv6OVNKubernetesConfig +} + var map_MTUMigration = map[string]string{ "": "MTUMigration MTU contains infomation about MTU migration.", "network": "network contains information about MTU migration for the default network. Migrations are only allowed to MTU values lower than the machine's uplink MTU by the minimum appropriate offset.", @@ -1541,6 +1698,8 @@ var map_OVNKubernetesConfig = map[string]string{ "v4InternalSubnet": "v4InternalSubnet is a v4 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is 100.64.0.0/16", "v6InternalSubnet": "v6InternalSubnet is a v6 subnet used internally by ovn-kubernetes in case the default one is being already used by something else. It must not overlap with any other subnet being used by OpenShift or by the node network. The size of the subnet must be larger than the number of nodes. The value cannot be changed after installation. Default is fd98::/48", "egressIPConfig": "egressIPConfig holds the configuration for EgressIP options.", + "ipv4": "ipv4 allows users to configure IP settings for IPv4 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", + "ipv6": "ipv6 allows users to configure IP settings for IPv6 connections. When ommitted, this means no opinions and the default configuration is used. Check individual fields within ipv4 for details of default values.", } func (OVNKubernetesConfig) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index a9e1edaeb97..00000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml +++ /dev/null @@ -1,158 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1482 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: etcdbackups.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: EtcdBackup - listKind: EtcdBackupList - plural: etcdbackups - singular: etcdbackup - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "# EtcdBackup provides configuration options and status for a - one-time backup attempt of the etcd cluster \n Compatibility level 4: No - compatibility is provided, the API can change at any point for any reason. - These capabilities should not be used by applications needing long term - support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - pvcName: - description: PVCName specifies the name of the PersistentVolumeClaim - (PVC) which binds a PersistentVolume where the etcd backup file - would be saved The PVC itself must always be created in the "openshift-etcd" - namespace If the PVC is left unspecified "" then the platform will - choose a reasonable default location to save the backup. In the - future this would be backups saved across the control-plane master - nodes. - type: string - x-kubernetes-validations: - - message: pvcName is immutable once set - rule: self == oldSelf - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - backupJob: - description: backupJob is the reference to the Job that executes the - backup. Optional - properties: - name: - description: name is the name of the Job. Required - type: string - namespace: - description: namespace is the namespace of the Job. this is always - expected to be "openshift-etcd" since the user provided PVC - is also required to be in "openshift-etcd" Required - pattern: ^openshift-etcd$ - type: string - required: - - name - - namespace - type: object - conditions: - description: conditions provide details on the status of the etcd - backup job. - items: - description: "Condition contains details for one aspect of the current - state of this API Resource. --- This struct is intended for direct - use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a - foo's current state. // Known .status.conditions.type are: \"Available\", - \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge - // +listType=map // +listMapKey=type Conditions []metav1.Condition - `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" - protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }" - properties: - lastTransitionTime: - description: lastTransitionTime is the last time the condition - transitioned from one status to another. This should be when - the underlying condition changed. If that is not known, then - using the time when the API field changed is acceptable. - format: date-time - type: string - message: - description: message is a human readable message indicating - details about the transition. This may be an empty string. - maxLength: 32768 - type: string - observedGeneration: - description: observedGeneration represents the .metadata.generation - that the condition was set based upon. For instance, if .metadata.generation - is currently 12, but the .status.conditions[x].observedGeneration - is 9, the condition is out of date with respect to the current - state of the instance. - format: int64 - minimum: 0 - type: integer - reason: - description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers - of specific condition types may define expected values and - meanings for this field, and whether the values are considered - a guaranteed API. The value should be a CamelCase string. - This field may not be empty. - maxLength: 1024 - minLength: 1 - pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ - type: string - status: - description: status of the condition, one of True, False, Unknown. - enum: - - "True" - - "False" - - Unknown - type: string - type: - description: type of condition in CamelCase or in foo.example.com/CamelCase. - --- Many .condition.type values are consistent across resources - like Available, but because arbitrary conditions can be useful - (see .node.status.conditions), the ability to deconflict is - important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) - maxLength: 316 - pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ - type: string - required: - - lastTransitionTime - - message - - reason - - status - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml deleted file mode 100644 index 6d1e24ac9b9..00000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml +++ /dev/null @@ -1,97 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/470 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - name: imagecontentsourcepolicies.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: ImageContentSourcePolicy - listKind: ImageContentSourcePolicyList - plural: imagecontentsourcepolicies - singular: imagecontentsourcepolicy - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "ImageContentSourcePolicy holds cluster-wide information about - how to handle registry mirror rules. When multiple policies are defined, - the outcome of the behavior is defined on each field. \n Compatibility level - 4: No compatibility is provided, the API can change at any point for any - reason. These capabilities should not be used by applications needing long - term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - repositoryDigestMirrors: - description: "repositoryDigestMirrors allows images referenced by - image digests in pods to be pulled from alternative mirrored repository - locations. The image pull specification provided to the pod will - be compared to the source locations described in RepositoryDigestMirrors - and the image may be pulled down from any of the mirrors in the - list instead of the specified repository allowing administrators - to choose a potentially faster mirror. Only image pull specifications - that have an image digest will have this behavior applied to them - - tags will continue to be pulled from the specified repository - in the pull spec. \n Each “source” repository is treated independently; - configurations for different “source” repositories don’t interact. - \n When multiple policies are defined for the same “source” repository, - the sets of defined mirrors will be merged together, preserving - the relative order of the mirrors, if possible. For example, if - policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, - the mirrors will be used in the order `a, b, c, d, e`. If the orders - of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration - is not rejected but the resulting order is unspecified." - items: - description: 'RepositoryDigestMirrors holds cluster-wide information - about how to handle mirros in the registries config. Note: the - mirrors only work when pulling the images that are referenced - by their digests.' - properties: - mirrors: - description: mirrors is one or more repositories that may also - contain the same images. The order of mirrors in this list - is treated as the user's desired priority, while source is - by default considered lower priority than all mirrors. Other - cluster configuration, including (but not limited to) other - repositoryDigestMirrors objects, may impact the exact order - mirrors are contacted in, or some mirrors may be contacted - in parallel, so this should be considered a preference rather - than a guarantee of ordering. - items: - type: string - type: array - source: - description: source is the repository that users refer to, e.g. - in image pull specifications. - type: string - required: - - source - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml deleted file mode 100644 index 12210c487c9..00000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml +++ /dev/null @@ -1,179 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1504 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: olms.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: OLM - listKind: OLMList - plural: olms - singular: olm - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "OLM provides information to configure an operator to manage - the OLM controllers \n Compatibility level 4: No compatibility is provided, - the API can change at any point for any reason. These capabilities should - not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - metadata - - spec - type: object - x-kubernetes-validations: - - message: olm is a singleton, .metadata.name must be 'cluster' - rule: self.metadata.name == 'cluster' - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index deccc298145..00000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml +++ /dev/null @@ -1,179 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1504 - include.release.openshift.io/ibm-cloud-managed: "true" - include.release.openshift.io/self-managed-high-availability: "true" - include.release.openshift.io/single-node-developer: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: olms.operator.openshift.io -spec: - group: operator.openshift.io - names: - kind: OLM - listKind: OLMList - plural: olms - singular: olm - scope: Cluster - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: "OLM provides information to configure an operator to manage - the OLM controllers \n Compatibility level 4: No compatibility is provided, - the API can change at any point for any reason. These capabilities should - not be used by applications needing long term support." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - properties: - logLevel: - default: Normal - description: "logLevel is an intent based logging for an overall component. - \ It does not give fine grained control, but it is a simple way - to manage coarse grained logging choices that operators have to - interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", - \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller - has observed from the cluster state. It exists in spec because - it is an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - default: Normal - description: "operatorLogLevel is an intent based logging for the - operator itself. It does not give fine grained control, but it - is a simple way to manage coarse grained logging choices that operators - have to interpret for themselves. \n Valid values are: \"Normal\", - \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\"." - enum: - - "" - - Normal - - Debug - - Trace - - TraceAll - type: string - unsupportedConfigOverrides: - description: unsupportedConfigOverrides overrides the final configuration - that was computed by the operator. Red Hat does not support the - use of this field. Misuse of this field could lead to unexpected - behavior or conflict with other configuration options. Seek guidance - from the Red Hat support before using this field. Use of this property - blocks cluster upgrades, it must be removed before upgrading your - cluster. - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - required: - - type - type: object - type: array - x-kubernetes-list-map-keys: - - type - x-kubernetes-list-type: map - generations: - description: generations are used to determine when an item needs - to be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for - a given resource so that decisions about forced updates can be - made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - x-kubernetes-list-type: atomic - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - metadata - - spec - type: object - x-kubernetes-validations: - - message: olm is a singleton, .metadata.name must be 'cluster' - rule: self.metadata.name == 'cluster' - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/custom.olm.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/custom.olm.testsuite.yaml deleted file mode 100644 index 233e73d18a3..00000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/custom.olm.testsuite.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Custom] OLM" -crd: 0000_10_config-operator_01_olm-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal OLM - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: OLM - metadata: - name: cluster - spec: {} # No spec is required for an OLM - expected: | - apiVersion: operator.openshift.io/v1alpha1 - kind: OLM - metadata: - name: cluster - spec: - logLevel: Normal - operatorLogLevel: Normal - - name: Should reject an OLM with an invalid name - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: OLM - metadata: - name: foo - spec: {} # No spec is required for an OLM - expectedError: "Invalid value: \"object\": olm is a singleton, .metadata.name must be 'cluster'" diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/stable.imagecontentsourcepolicy.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/stable.imagecontentsourcepolicy.testsuite.yaml deleted file mode 100644 index 24267570a39..00000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/stable.imagecontentsourcepolicy.testsuite.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] ImageContentSourcePolicy" -crd: 0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal ImageContentSourcePolicy - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: ImageContentSourcePolicy - spec: {} # No spec is required for a ImageContentSourcePolicy - expected: | - apiVersion: operator.openshift.io/v1alpha1 - kind: ImageContentSourcePolicy - spec: {} diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.etcdbackup.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.etcdbackup.testsuite.yaml deleted file mode 100644 index 10d85518923..00000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.etcdbackup.testsuite.yaml +++ /dev/null @@ -1,38 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[TechPreview] EtcdBackup" -crd: 0000_10_01_etcdbackup-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create an EtcdBackup with a valid spec - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: EtcdBackup - spec: - pvcName: etcdbackup-pvc - expected: | - apiVersion: operator.openshift.io/v1alpha1 - kind: EtcdBackup - spec: - pvcName: etcdbackup-pvc - - name: Should be able to create an EtcdBackup without the pvcName specified - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: EtcdBackup - spec: {} - expected: | - apiVersion: operator.openshift.io/v1alpha1 - kind: EtcdBackup - spec: {} - onUpdate: - - name: pvcName is immutable once set - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: EtcdBackup - spec: - pvcName: etcdbackup-pvc - updated: | - apiVersion: operator.openshift.io/v1alpha1 - kind: EtcdBackup - spec: - pvcName: updated-etcdbackup-pvc - expectedError: "spec.pvcName: Invalid value: \"string\": pvcName is immutable once set" diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.olm.testsuite.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.olm.testsuite.yaml deleted file mode 100644 index 99c85fe01c6..00000000000 --- a/vendor/github.com/openshift/api/operator/v1alpha1/techpreview.olm.testsuite.yaml +++ /dev/null @@ -1,28 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Tech Preview] OLM" -crd: 0000_10_config-operator_01_olm-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal OLM - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: OLM - metadata: - name: cluster - spec: {} # No spec is required for an OLM - expected: | - apiVersion: operator.openshift.io/v1alpha1 - kind: OLM - metadata: - name: cluster - spec: - logLevel: Normal - operatorLogLevel: Normal - - name: Should reject an OLM with an invalid name - initial: | - apiVersion: operator.openshift.io/v1alpha1 - kind: OLM - metadata: - name: foo - spec: {} # No spec is required for an OLM - expectedError: "Invalid value: \"object\": olm is a singleton, .metadata.name must be 'cluster'" diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go index b1d73306c5f..2654f570083 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_etcdbackup.go @@ -6,13 +6,18 @@ import ( // +genclient // +genclient:nonNamespaced -// +kubebuilder:resource:scope=Cluster // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // // # EtcdBackup provides configuration options and status for a one-time backup attempt of the etcd cluster // // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. // +openshift:compatibility-gen:level=4 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=etcdbackups,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1482 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=etcd,operatorOrdering=01 +// +openshift:enable:FeatureGate=AutomatedEtcdBackup type EtcdBackup struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go index 1a101cad6ab..6e14720dd34 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_image_content_source_policy.go @@ -10,6 +10,11 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // When multiple policies are defined, the outcome of the behavior is defined on each field. // // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=imagecontentsourcepolicies,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/470 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 // +openshift:compatibility-gen:level=4 type ImageContentSourcePolicy struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/types_olm.go b/vendor/github.com/openshift/api/operator/v1alpha1/types_olm.go index 8f20690ae6c..f29385b9fa1 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/types_olm.go +++ b/vendor/github.com/openshift/api/operator/v1alpha1/types_olm.go @@ -14,6 +14,12 @@ import ( // // Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. // +openshift:compatibility-gen:level=4 +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=olms,scope=Cluster +// +kubebuilder:subresource:status +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1504 +// +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=operator-lifecycle-manager,operatorOrdering=01 +// +openshift:enable:FeatureGate=NewOLM // +kubebuilder:validation:XValidation:rule="self.metadata.name == 'cluster'",message="olm is a singleton, .metadata.name must be 'cluster'" type OLM struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml new file mode 100644 index 00000000000..2b6cbef2753 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -0,0 +1,67 @@ +etcdbackups.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1482 + CRDName: etcdbackups.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: + - AutomatedEtcdBackup + FilenameOperatorName: etcd + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: operator.openshift.io + HasStatus: true + KindName: EtcdBackup + Labels: {} + PluralName: etcdbackups + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - AutomatedEtcdBackup + Version: v1alpha1 + +imagecontentsourcepolicies.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/470 + CRDName: imagecontentsourcepolicies.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: [] + FilenameOperatorName: config-operator + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: operator.openshift.io + HasStatus: true + KindName: ImageContentSourcePolicy + Labels: {} + PluralName: imagecontentsourcepolicies + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: [] + Version: v1alpha1 + +olms.operator.openshift.io: + Annotations: {} + ApprovedPRNumber: https://github.com/openshift/api/pull/1504 + CRDName: olms.operator.openshift.io + Capability: "" + Category: "" + FeatureGates: + - NewOLM + FilenameOperatorName: operator-lifecycle-manager + FilenameOperatorOrdering: "01" + FilenameRunLevel: "0000_10" + GroupName: operator.openshift.io + HasStatus: true + KindName: OLM + Labels: {} + PluralName: olms + PrinterColumns: [] + Scope: Cluster + ShortNames: null + TopLevelFeatureGates: + - NewOLM + Version: v1alpha1 + diff --git a/vendor/github.com/openshift/api/route/v1/custom.route.testsuite.yaml b/vendor/github.com/openshift/api/route/v1/custom.route.testsuite.yaml deleted file mode 100644 index 4a8042fc1b9..00000000000 --- a/vendor/github.com/openshift/api/route/v1/custom.route.testsuite.yaml +++ /dev/null @@ -1,103 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: '[CustomNoUpgrade] Route' -crd: route-CustomNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Route - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - weight: 100 - wildcardPolicy: None - - name: 'cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Allow - expectedError: 'cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow' - - name: 'spec.tls.termination: passthrough is compatible with spec.tls.insecureEdgeTerminationPolicy: Redirect' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - weight: 100 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - wildcardPolicy: None - - name: 'spec.tls.termination: passthrough is compatible with spec.tls.insecureEdgeTerminationPolicy: None' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: None - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - weight: 100 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: None - wildcardPolicy: None - - name: 'cannot have both spec.tls.certificate and spec.tls.externalCertificate' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - tls: - termination: edge - key: |- - -----BEGIN RSA PRIVATE KEY----- - -----END RSA PRIVATE KEY----- - certificate: |- - -----BEGIN CERTIFICATE----- - -----END CERTIFICATE----- - externalCertificate: - name: "my-local-secret" - expectedError: 'Invalid value: "object": cannot have both spec.tls.certificate and spec.tls.externalCertificate' diff --git a/vendor/github.com/openshift/api/route/v1/generated.proto b/vendor/github.com/openshift/api/route/v1/generated.proto index 1797fe7702f..621bec09b00 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.proto +++ b/vendor/github.com/openshift/api/route/v1/generated.proto @@ -436,8 +436,12 @@ message TLSConfig { // insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While // each router may make its own decisions on which ports to expose, this is normally port 80. // - // * Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only) (default). - // * None - no traffic is allowed on the insecure port. + // If a route does not specify insecureEdgeTerminationPolicy, then the default behavior is "None". + // + // * Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only). + // + // * None - no traffic is allowed on the insecure port (default). + // // * Redirect - clients are redirected to the secure port. // // +kubebuilder:validation:Enum=Allow;None;Redirect;"" diff --git a/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml deleted file mode 100644 index ef90971381e..00000000000 --- a/vendor/github.com/openshift/api/route/v1/route-CustomNoUpgrade.crd.yaml +++ /dev/null @@ -1,676 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1228 - api.openshift.io/merged-by-featuregates: "true" - release.openshift.io/feature-set: CustomNoUpgrade - name: routes.route.openshift.io -spec: - group: route.openshift.io - names: - kind: Route - listKind: RouteList - plural: routes - singular: route - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.ingress[0].host - name: Host - type: string - - jsonPath: .status.ingress[0].conditions[?(@.type=="Admitted")].status - name: Admitted - type: string - - jsonPath: .spec.to.name - name: Service - type: string - - jsonPath: .spec.tls.type - name: TLS - type: string - name: v1 - schema: - openAPIV3Schema: - description: "A route allows developers to expose services through an HTTP(S) - aware load balancing and proxy layer via a public DNS entry. The route may - further specify TLS options and a certificate, or specify a public CNAME - that the router should also accept for HTTP and HTTPS traffic. An administrator - typically configures their router to be visible outside the cluster firewall, - and may also add additional security, caching, or traffic controls on the - service content. Routers usually talk directly to the service endpoints. - \n Once a route is created, the `host` field may not be changed. Generally, - routers use the oldest route with a given host when resolving conflicts. - \n Routers are subject to additional customization and may support additional - controls via the annotations field. \n Because administrators may configure - multiple routers, the route status field is used to return information to - clients about the names and states of the route under each router. If a - client chooses a duplicate name, for instance, the route status conditions - are used to indicate the route cannot be chosen. \n To enable HTTP/2 ALPN - on a route it requires a custom (non-wildcard) certificate. This prevents - connection coalescing by clients, notably web browsers. We do not support - HTTP/2 ALPN on routes that use the default certificate because of the risk - of connection re-use/coalescing. Routes that do not have their own custom - certificate will not be HTTP/2 ALPN-enabled on either the frontend or the - backend. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - allOf: - - anyOf: - - properties: - path: - maxLength: 0 - - properties: - tls: - enum: - - null - - not: - properties: - tls: - properties: - termination: - enum: - - passthrough - - anyOf: - - not: - properties: - host: - maxLength: 0 - - not: - properties: - wildcardPolicy: - enum: - - Subdomain - description: spec is the desired state of the route - properties: - alternateBackends: - description: alternateBackends allows up to 3 additional backends - to be assigned to the route. Only the Service kind is allowed, and - it will be defaulted to Service. Use the weight field in RouteTargetReference - object to specify relative preference. - items: - description: RouteTargetReference specifies the target that resolve - into endpoints. Only the 'Service' kind is allowed. Use 'weight' - field to emphasize one over others. - properties: - kind: - default: Service - description: The kind of target that the route is referring - to. Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default - 100, that specifies the target's relative weight against other - target reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - maxItems: 3 - type: array - host: - description: host is an alias/DNS that points to the service. Optional. - If not specified a route name will typically be automatically chosen. - Must follow DNS952 subdomain conventions. - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - httpHeaders: - description: httpHeaders defines policy for HTTP headers. - properties: - actions: - description: 'actions specifies options for modifying headers - and their values. Note that this option only applies to cleartext - HTTP connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). Headers cannot be modified for TLS - passthrough connections. Setting the HSTS (`Strict-Transport-Security`) - header is not supported via actions. `Strict-Transport-Security` - may only be configured using the "haproxy.router.openshift.io/hsts_header" - route annotation, and only in accordance with the policy specified - in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request - headers, the actions specified in spec.httpHeaders.actions on - the Route will be executed after the actions specified in the - IngressController''s spec.httpHeaders.actions field. In case - of HTTP response headers, the actions specified in spec.httpHeaders.actions - on the IngressController will be executed after the actions - specified in the Route''s spec.httpHeaders.actions field. The - headers set via this API will not appear in access logs. Any - actions defined here are applied after any actions related to - the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, - spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. - The following header names are reserved and may not be modified - via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. - Note that the total size of all net added headers *after* interpolating - dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. Please refer to the documentation - for that API field for more details.' - properties: - request: - description: 'request is a list of HTTP request headers to - modify. Currently, actions may define to either `Set` or - `Delete` headers values. Actions defined here will modify - the request headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Currently, - actions may define to either `Set` or `Delete` headers values. - Route actions will be executed after IngressController actions - for request headers. Actions are applied in sequence as - defined in this list. A maximum of 20 request header actions - may be configured. You can use this field to specify HTTP - request headers that should be set or deleted when forwarding - connections from the client to your application. Sample - fetchers allowed are "req.hdr" and "ssl_c_der". Converters - allowed are "lower" and "base64". Example header values: - "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". - Any request header configuration applied directly via a - Route resource using this API will override header configuration - for a header of the same name applied via spec.httpHeaders.actions - on the IngressController or route annotation. Note: This - field cannot be used if your route uses TLS passthrough.' - items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are req.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - response: - description: 'response is a list of HTTP response headers - to modify. Currently, actions may define to either `Set` - or `Delete` headers values. Actions defined here will modify - the response headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Route actions - will be executed before IngressController actions for response - headers. Actions are applied in sequence as defined in this - list. A maximum of 20 response header actions may be configured. - You can use this field to specify HTTP response headers - that should be set or deleted when forwarding responses - from your application to the client. Sample fetchers allowed - are "res.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[res.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used - if your route uses TLS passthrough.' - items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are res.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - type: object - type: object - path: - description: path that the router watches for, to route traffic for - to the service. Optional - pattern: ^/ - type: string - port: - description: If specified, the port to be used by the router. Most - routers will use all endpoints exposed by the service by default - - set this value to instruct routers which port to use. - properties: - targetPort: - allOf: - - not: - enum: - - 0 - - not: - enum: - - "" - anyOf: null - description: The target port on pods selected by the service this - route points to. If this is a string, it will be looked up as - a named port in the target endpoints port list. Required - x-kubernetes-int-or-string: true - required: - - targetPort - type: object - subdomain: - description: "subdomain is a DNS subdomain that is requested within - the ingress controller's domain (as a subdomain). If host is set - this field is ignored. An ingress controller may choose to ignore - this suggested name, in which case the controller will report the - assigned name in the status.ingress array or refuse to admit the - route. If this value is set and the server does not support this - field host will be populated automatically. Otherwise host is left - empty. The field may have multiple parts separated by a dot, but - not all ingress controllers may honor the request. This field may - not be changed after creation except by a user with the update routes/custom-host - permission. \n Example: subdomain `frontend` automatically receives - the router subdomain `apps.mycluster.com` to have a full hostname - `frontend.apps.mycluster.com`." - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - tls: - allOf: - - anyOf: - - properties: - caCertificate: - maxLength: 0 - certificate: - maxLength: 0 - destinationCACertificate: - maxLength: 0 - key: - maxLength: 0 - - not: - properties: - termination: - enum: - - passthrough - - anyOf: - - properties: - destinationCACertificate: - maxLength: 0 - - not: - properties: - termination: - enum: - - edge - description: The tls field provides the ability to configure certificates - and termination for the route. - properties: - caCertificate: - description: caCertificate provides the cert authority certificate - contents - type: string - certificate: - description: certificate provides certificate contents. This should - be a single serving certificate, not a certificate chain. Do - not include a CA certificate. - type: string - destinationCACertificate: - description: destinationCACertificate provides the contents of - the ca certificate of the final destination. When using reencrypt - termination this file should be provided in order to have routers - use it for health checks on the secure connection. If this field - is not specified, the router may provide its own destination - CA and perform hostname validation using the short service name - (service.namespace.svc), which allows infrastructure generated - certificates to automatically verify. - type: string - externalCertificate: - description: externalCertificate provides certificate contents - as a secret reference. This should be a single serving certificate, - not a certificate chain. Do not include a CA certificate. The - secret referenced should be present in the same namespace as - that of the Route. Forbidden when `certificate` is set. - properties: - name: - description: 'name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: object - x-kubernetes-map-type: atomic - insecureEdgeTerminationPolicy: - description: "insecureEdgeTerminationPolicy indicates the desired - behavior for insecure connections to a route. While each router - may make its own decisions on which ports to expose, this is - normally port 80. \n * Allow - traffic is sent to the server - on the insecure port (edge/reencrypt terminations only) (default). - * None - no traffic is allowed on the insecure port. * Redirect - - clients are redirected to the secure port." - enum: - - Allow - - None - - Redirect - - "" - type: string - key: - description: key provides key file contents - type: string - termination: - description: "termination indicates termination type. \n * edge - - TLS termination is done by the router and http is used to - communicate with the backend (default) * passthrough - Traffic - is sent straight to the destination without the router providing - TLS termination * reencrypt - TLS termination is done by the - router and https is used to communicate with the backend \n - Note: passthrough termination is incompatible with httpHeader - actions" - enum: - - edge - - reencrypt - - passthrough - type: string - required: - - termination - type: object - x-kubernetes-validations: - - message: cannot have both spec.tls.certificate and spec.tls.externalCertificate - rule: '!(has(self.certificate) && has(self.externalCertificate))' - - message: 'cannot have both spec.tls.termination: passthrough and - spec.tls.insecureEdgeTerminationPolicy: Allow' - rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) - ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) - : true' - to: - description: to is an object the route should use as the primary backend. - Only the Service kind is allowed, and it will be defaulted to Service. - If the weight field (0-256 default 100) is set to zero, no traffic - will be sent to this backend. - properties: - kind: - default: Service - description: The kind of target that the route is referring to. - Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default 100, - that specifies the target's relative weight against other target - reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - wildcardPolicy: - default: None - description: Wildcard policy if any for the route. Currently only - 'Subdomain' or 'None' is allowed. - enum: - - None - - Subdomain - - "" - type: string - required: - - to - type: object - x-kubernetes-validations: - - message: header actions are not permitted when tls termination is passthrough. - rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || - !has(self.httpHeaders)' - status: - description: status is the current state of the route - properties: - ingress: - description: ingress describes the places where the route may be exposed. - The list of ingress points may contain duplicate Host or RouterName - values. Routes are considered live once they are `Ready` - items: - description: RouteIngress holds information about the places where - a route is exposed. - properties: - conditions: - description: Conditions is the state of the route, may be empty. - items: - description: RouteIngressCondition contains details for the - current condition of this route on a particular router. - properties: - lastTransitionTime: - description: RFC 3339 date and time when this condition - last transitioned - format: date-time - type: string - message: - description: Human readable message indicating details - about last transition. - type: string - reason: - description: (brief) reason for the condition's last transition, - and is usually a machine and human readable constant - type: string - status: - description: Status is the status of the condition. Can - be True, False, Unknown. - type: string - type: - description: Type is the type of the condition. Currently - only Admitted or UnservableInFutureVersions. - type: string - required: - - status - - type - type: object - type: array - host: - description: Host is the host string under which the route is - exposed; this value is required - type: string - routerCanonicalHostname: - description: CanonicalHostname is the external host name for - the router that can be used as a CNAME for the host requested - for this route. This value is optional and may not be set - in all cases. - type: string - routerName: - description: Name is a name chosen by the router to identify - itself; this value is required - type: string - wildcardPolicy: - description: Wildcard policy is the wildcard policy that was - allowed where this route is exposed. - type: string - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/route/v1/route-Default.crd.yaml b/vendor/github.com/openshift/api/route/v1/route-Default.crd.yaml deleted file mode 100644 index 9005728b9f4..00000000000 --- a/vendor/github.com/openshift/api/route/v1/route-Default.crd.yaml +++ /dev/null @@ -1,662 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1228 - api.openshift.io/merged-by-featuregates: "true" - release.openshift.io/feature-set: Default - name: routes.route.openshift.io -spec: - group: route.openshift.io - names: - kind: Route - listKind: RouteList - plural: routes - singular: route - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.ingress[0].host - name: Host - type: string - - jsonPath: .status.ingress[0].conditions[?(@.type=="Admitted")].status - name: Admitted - type: string - - jsonPath: .spec.to.name - name: Service - type: string - - jsonPath: .spec.tls.type - name: TLS - type: string - name: v1 - schema: - openAPIV3Schema: - description: "A route allows developers to expose services through an HTTP(S) - aware load balancing and proxy layer via a public DNS entry. The route may - further specify TLS options and a certificate, or specify a public CNAME - that the router should also accept for HTTP and HTTPS traffic. An administrator - typically configures their router to be visible outside the cluster firewall, - and may also add additional security, caching, or traffic controls on the - service content. Routers usually talk directly to the service endpoints. - \n Once a route is created, the `host` field may not be changed. Generally, - routers use the oldest route with a given host when resolving conflicts. - \n Routers are subject to additional customization and may support additional - controls via the annotations field. \n Because administrators may configure - multiple routers, the route status field is used to return information to - clients about the names and states of the route under each router. If a - client chooses a duplicate name, for instance, the route status conditions - are used to indicate the route cannot be chosen. \n To enable HTTP/2 ALPN - on a route it requires a custom (non-wildcard) certificate. This prevents - connection coalescing by clients, notably web browsers. We do not support - HTTP/2 ALPN on routes that use the default certificate because of the risk - of connection re-use/coalescing. Routes that do not have their own custom - certificate will not be HTTP/2 ALPN-enabled on either the frontend or the - backend. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - allOf: - - anyOf: - - properties: - path: - maxLength: 0 - - properties: - tls: - enum: - - null - - not: - properties: - tls: - properties: - termination: - enum: - - passthrough - - anyOf: - - not: - properties: - host: - maxLength: 0 - - not: - properties: - wildcardPolicy: - enum: - - Subdomain - description: spec is the desired state of the route - properties: - alternateBackends: - description: alternateBackends allows up to 3 additional backends - to be assigned to the route. Only the Service kind is allowed, and - it will be defaulted to Service. Use the weight field in RouteTargetReference - object to specify relative preference. - items: - description: RouteTargetReference specifies the target that resolve - into endpoints. Only the 'Service' kind is allowed. Use 'weight' - field to emphasize one over others. - properties: - kind: - default: Service - description: The kind of target that the route is referring - to. Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default - 100, that specifies the target's relative weight against other - target reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - maxItems: 3 - type: array - host: - description: host is an alias/DNS that points to the service. Optional. - If not specified a route name will typically be automatically chosen. - Must follow DNS952 subdomain conventions. - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - httpHeaders: - description: httpHeaders defines policy for HTTP headers. - properties: - actions: - description: 'actions specifies options for modifying headers - and their values. Note that this option only applies to cleartext - HTTP connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). Headers cannot be modified for TLS - passthrough connections. Setting the HSTS (`Strict-Transport-Security`) - header is not supported via actions. `Strict-Transport-Security` - may only be configured using the "haproxy.router.openshift.io/hsts_header" - route annotation, and only in accordance with the policy specified - in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request - headers, the actions specified in spec.httpHeaders.actions on - the Route will be executed after the actions specified in the - IngressController''s spec.httpHeaders.actions field. In case - of HTTP response headers, the actions specified in spec.httpHeaders.actions - on the IngressController will be executed after the actions - specified in the Route''s spec.httpHeaders.actions field. The - headers set via this API will not appear in access logs. Any - actions defined here are applied after any actions related to - the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, - spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. - The following header names are reserved and may not be modified - via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. - Note that the total size of all net added headers *after* interpolating - dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. Please refer to the documentation - for that API field for more details.' - properties: - request: - description: 'request is a list of HTTP request headers to - modify. Currently, actions may define to either `Set` or - `Delete` headers values. Actions defined here will modify - the request headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Currently, - actions may define to either `Set` or `Delete` headers values. - Route actions will be executed after IngressController actions - for request headers. Actions are applied in sequence as - defined in this list. A maximum of 20 request header actions - may be configured. You can use this field to specify HTTP - request headers that should be set or deleted when forwarding - connections from the client to your application. Sample - fetchers allowed are "req.hdr" and "ssl_c_der". Converters - allowed are "lower" and "base64". Example header values: - "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". - Any request header configuration applied directly via a - Route resource using this API will override header configuration - for a header of the same name applied via spec.httpHeaders.actions - on the IngressController or route annotation. Note: This - field cannot be used if your route uses TLS passthrough.' - items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are req.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - response: - description: 'response is a list of HTTP response headers - to modify. Currently, actions may define to either `Set` - or `Delete` headers values. Actions defined here will modify - the response headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Route actions - will be executed before IngressController actions for response - headers. Actions are applied in sequence as defined in this - list. A maximum of 20 response header actions may be configured. - You can use this field to specify HTTP response headers - that should be set or deleted when forwarding responses - from your application to the client. Sample fetchers allowed - are "res.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[res.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used - if your route uses TLS passthrough.' - items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are res.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - type: object - type: object - path: - description: path that the router watches for, to route traffic for - to the service. Optional - pattern: ^/ - type: string - port: - description: If specified, the port to be used by the router. Most - routers will use all endpoints exposed by the service by default - - set this value to instruct routers which port to use. - properties: - targetPort: - allOf: - - not: - enum: - - 0 - - not: - enum: - - "" - anyOf: null - description: The target port on pods selected by the service this - route points to. If this is a string, it will be looked up as - a named port in the target endpoints port list. Required - x-kubernetes-int-or-string: true - required: - - targetPort - type: object - subdomain: - description: "subdomain is a DNS subdomain that is requested within - the ingress controller's domain (as a subdomain). If host is set - this field is ignored. An ingress controller may choose to ignore - this suggested name, in which case the controller will report the - assigned name in the status.ingress array or refuse to admit the - route. If this value is set and the server does not support this - field host will be populated automatically. Otherwise host is left - empty. The field may have multiple parts separated by a dot, but - not all ingress controllers may honor the request. This field may - not be changed after creation except by a user with the update routes/custom-host - permission. \n Example: subdomain `frontend` automatically receives - the router subdomain `apps.mycluster.com` to have a full hostname - `frontend.apps.mycluster.com`." - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - tls: - allOf: - - anyOf: - - properties: - caCertificate: - maxLength: 0 - certificate: - maxLength: 0 - destinationCACertificate: - maxLength: 0 - key: - maxLength: 0 - - not: - properties: - termination: - enum: - - passthrough - - anyOf: - - properties: - destinationCACertificate: - maxLength: 0 - - not: - properties: - termination: - enum: - - edge - description: The tls field provides the ability to configure certificates - and termination for the route. - properties: - caCertificate: - description: caCertificate provides the cert authority certificate - contents - type: string - certificate: - description: certificate provides certificate contents. This should - be a single serving certificate, not a certificate chain. Do - not include a CA certificate. - type: string - destinationCACertificate: - description: destinationCACertificate provides the contents of - the ca certificate of the final destination. When using reencrypt - termination this file should be provided in order to have routers - use it for health checks on the secure connection. If this field - is not specified, the router may provide its own destination - CA and perform hostname validation using the short service name - (service.namespace.svc), which allows infrastructure generated - certificates to automatically verify. - type: string - insecureEdgeTerminationPolicy: - description: "insecureEdgeTerminationPolicy indicates the desired - behavior for insecure connections to a route. While each router - may make its own decisions on which ports to expose, this is - normally port 80. \n * Allow - traffic is sent to the server - on the insecure port (edge/reencrypt terminations only) (default). - * None - no traffic is allowed on the insecure port. * Redirect - - clients are redirected to the secure port." - enum: - - Allow - - None - - Redirect - - "" - type: string - key: - description: key provides key file contents - type: string - termination: - description: "termination indicates termination type. \n * edge - - TLS termination is done by the router and http is used to - communicate with the backend (default) * passthrough - Traffic - is sent straight to the destination without the router providing - TLS termination * reencrypt - TLS termination is done by the - router and https is used to communicate with the backend \n - Note: passthrough termination is incompatible with httpHeader - actions" - enum: - - edge - - reencrypt - - passthrough - type: string - required: - - termination - type: object - x-kubernetes-validations: - - message: 'cannot have both spec.tls.termination: passthrough and - spec.tls.insecureEdgeTerminationPolicy: Allow' - rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) - ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) - : true' - to: - description: to is an object the route should use as the primary backend. - Only the Service kind is allowed, and it will be defaulted to Service. - If the weight field (0-256 default 100) is set to zero, no traffic - will be sent to this backend. - properties: - kind: - default: Service - description: The kind of target that the route is referring to. - Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default 100, - that specifies the target's relative weight against other target - reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - wildcardPolicy: - default: None - description: Wildcard policy if any for the route. Currently only - 'Subdomain' or 'None' is allowed. - enum: - - None - - Subdomain - - "" - type: string - required: - - to - type: object - x-kubernetes-validations: - - message: header actions are not permitted when tls termination is passthrough. - rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || - !has(self.httpHeaders)' - status: - description: status is the current state of the route - properties: - ingress: - description: ingress describes the places where the route may be exposed. - The list of ingress points may contain duplicate Host or RouterName - values. Routes are considered live once they are `Ready` - items: - description: RouteIngress holds information about the places where - a route is exposed. - properties: - conditions: - description: Conditions is the state of the route, may be empty. - items: - description: RouteIngressCondition contains details for the - current condition of this route on a particular router. - properties: - lastTransitionTime: - description: RFC 3339 date and time when this condition - last transitioned - format: date-time - type: string - message: - description: Human readable message indicating details - about last transition. - type: string - reason: - description: (brief) reason for the condition's last transition, - and is usually a machine and human readable constant - type: string - status: - description: Status is the status of the condition. Can - be True, False, Unknown. - type: string - type: - description: Type is the type of the condition. Currently - only Admitted or UnservableInFutureVersions. - type: string - required: - - status - - type - type: object - type: array - host: - description: Host is the host string under which the route is - exposed; this value is required - type: string - routerCanonicalHostname: - description: CanonicalHostname is the external host name for - the router that can be used as a CNAME for the host requested - for this route. This value is optional and may not be set - in all cases. - type: string - routerName: - description: Name is a name chosen by the router to identify - itself; this value is required - type: string - wildcardPolicy: - description: Wildcard policy is the wildcard policy that was - allowed where this route is exposed. - type: string - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml b/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml deleted file mode 100644 index fbe277e5b2f..00000000000 --- a/vendor/github.com/openshift/api/route/v1/route-TechPreviewNoUpgrade.crd.yaml +++ /dev/null @@ -1,676 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - api-approved.openshift.io: https://github.com/openshift/api/pull/1228 - api.openshift.io/merged-by-featuregates: "true" - release.openshift.io/feature-set: TechPreviewNoUpgrade - name: routes.route.openshift.io -spec: - group: route.openshift.io - names: - kind: Route - listKind: RouteList - plural: routes - singular: route - scope: Namespaced - versions: - - additionalPrinterColumns: - - jsonPath: .status.ingress[0].host - name: Host - type: string - - jsonPath: .status.ingress[0].conditions[?(@.type=="Admitted")].status - name: Admitted - type: string - - jsonPath: .spec.to.name - name: Service - type: string - - jsonPath: .spec.tls.type - name: TLS - type: string - name: v1 - schema: - openAPIV3Schema: - description: "A route allows developers to expose services through an HTTP(S) - aware load balancing and proxy layer via a public DNS entry. The route may - further specify TLS options and a certificate, or specify a public CNAME - that the router should also accept for HTTP and HTTPS traffic. An administrator - typically configures their router to be visible outside the cluster firewall, - and may also add additional security, caching, or traffic controls on the - service content. Routers usually talk directly to the service endpoints. - \n Once a route is created, the `host` field may not be changed. Generally, - routers use the oldest route with a given host when resolving conflicts. - \n Routers are subject to additional customization and may support additional - controls via the annotations field. \n Because administrators may configure - multiple routers, the route status field is used to return information to - clients about the names and states of the route under each router. If a - client chooses a duplicate name, for instance, the route status conditions - are used to indicate the route cannot be chosen. \n To enable HTTP/2 ALPN - on a route it requires a custom (non-wildcard) certificate. This prevents - connection coalescing by clients, notably web browsers. We do not support - HTTP/2 ALPN on routes that use the default certificate because of the risk - of connection re-use/coalescing. Routes that do not have their own custom - certificate will not be HTTP/2 ALPN-enabled on either the frontend or the - backend. \n Compatibility level 1: Stable within a major release for a minimum - of 12 months or 3 minor releases (whichever is longer)." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - allOf: - - anyOf: - - properties: - path: - maxLength: 0 - - properties: - tls: - enum: - - null - - not: - properties: - tls: - properties: - termination: - enum: - - passthrough - - anyOf: - - not: - properties: - host: - maxLength: 0 - - not: - properties: - wildcardPolicy: - enum: - - Subdomain - description: spec is the desired state of the route - properties: - alternateBackends: - description: alternateBackends allows up to 3 additional backends - to be assigned to the route. Only the Service kind is allowed, and - it will be defaulted to Service. Use the weight field in RouteTargetReference - object to specify relative preference. - items: - description: RouteTargetReference specifies the target that resolve - into endpoints. Only the 'Service' kind is allowed. Use 'weight' - field to emphasize one over others. - properties: - kind: - default: Service - description: The kind of target that the route is referring - to. Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default - 100, that specifies the target's relative weight against other - target reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - maxItems: 3 - type: array - host: - description: host is an alias/DNS that points to the service. Optional. - If not specified a route name will typically be automatically chosen. - Must follow DNS952 subdomain conventions. - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - httpHeaders: - description: httpHeaders defines policy for HTTP headers. - properties: - actions: - description: 'actions specifies options for modifying headers - and their values. Note that this option only applies to cleartext - HTTP connections and to secure HTTP connections for which the - ingress controller terminates encryption (that is, edge-terminated - or reencrypt connections). Headers cannot be modified for TLS - passthrough connections. Setting the HSTS (`Strict-Transport-Security`) - header is not supported via actions. `Strict-Transport-Security` - may only be configured using the "haproxy.router.openshift.io/hsts_header" - route annotation, and only in accordance with the policy specified - in Ingress.Spec.RequiredHSTSPolicies. In case of HTTP request - headers, the actions specified in spec.httpHeaders.actions on - the Route will be executed after the actions specified in the - IngressController''s spec.httpHeaders.actions field. In case - of HTTP response headers, the actions specified in spec.httpHeaders.actions - on the IngressController will be executed after the actions - specified in the Route''s spec.httpHeaders.actions field. The - headers set via this API will not appear in access logs. Any - actions defined here are applied after any actions related to - the following other fields: cache-control, spec.clientTLS, spec.httpHeaders.forwardedHeaderPolicy, - spec.httpHeaders.uniqueId, and spec.httpHeaders.headerNameCaseAdjustments. - The following header names are reserved and may not be modified - via this API: Strict-Transport-Security, Proxy, Cookie, Set-Cookie. - Note that the total size of all net added headers *after* interpolating - dynamic values must not exceed the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. Please refer to the documentation - for that API field for more details.' - properties: - request: - description: 'request is a list of HTTP request headers to - modify. Currently, actions may define to either `Set` or - `Delete` headers values. Actions defined here will modify - the request headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Currently, - actions may define to either `Set` or `Delete` headers values. - Route actions will be executed after IngressController actions - for request headers. Actions are applied in sequence as - defined in this list. A maximum of 20 request header actions - may be configured. You can use this field to specify HTTP - request headers that should be set or deleted when forwarding - connections from the client to your application. Sample - fetchers allowed are "req.hdr" and "ssl_c_der". Converters - allowed are "lower" and "base64". Example header values: - "%[req.hdr(X-target),lower]", "%{+Q}[ssl_c_der,base64]". - Any request header configuration applied directly via a - Route resource using this API will override header configuration - for a header of the same name applied via spec.httpHeaders.actions - on the IngressController or route annotation. Note: This - field cannot be used if your route uses TLS passthrough.' - items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are req.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:req\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - response: - description: 'response is a list of HTTP response headers - to modify. Currently, actions may define to either `Set` - or `Delete` headers values. Actions defined here will modify - the response headers of all requests made through a route. - These actions are applied to a specific Route defined within - a cluster i.e. connections made through a route. Route actions - will be executed before IngressController actions for response - headers. Actions are applied in sequence as defined in this - list. A maximum of 20 response header actions may be configured. - You can use this field to specify HTTP response headers - that should be set or deleted when forwarding responses - from your application to the client. Sample fetchers allowed - are "res.hdr" and "ssl_c_der". Converters allowed are "lower" - and "base64". Example header values: "%[res.hdr(X-target),lower]", - "%{+Q}[ssl_c_der,base64]". Note: This field cannot be used - if your route uses TLS passthrough.' - items: - description: RouteHTTPHeader specifies configuration for - setting or deleting an HTTP header. - properties: - action: - description: action specifies actions to perform on - headers, such as setting or deleting headers. - properties: - set: - description: 'set defines the HTTP header that should - be set: added if it doesn''t exist or replaced - if it does. This field is required when type is - Set and forbidden otherwise.' - properties: - value: - description: value specifies a header value. - Dynamic values can be added. The value will - be interpreted as an HAProxy format string - as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise - must be a valid HTTP header value as defined - in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - The value of this field must be no more than - 16384 characters in length. Note that the - total size of all net added headers *after* - interpolating dynamic values must not exceed - the value of spec.tuningOptions.headerBufferMaxRewriteBytes - on the IngressController. - maxLength: 16384 - minLength: 1 - type: string - required: - - value - type: object - type: - description: type defines the type of the action - to be applied on the header. Possible values are - Set or Delete. Set allows you to set HTTP request - and response headers. Delete allows you to delete - HTTP request and response headers. - enum: - - Set - - Delete - type: string - required: - - type - type: object - x-kubernetes-validations: - - message: set is required when type is Set, and forbidden - otherwise - rule: 'has(self.type) && self.type == ''Set'' ? has(self.set) - : !has(self.set)' - name: - description: 'name specifies the name of a header on - which to perform an action. Its value must be a valid - HTTP header name as defined in RFC 2616 section 4.2. - The name must consist only of alphanumeric and the - following special characters, "-!#$%&''*+.^_`". The - following header names are reserved and may not be - modified via this API: Strict-Transport-Security, - Proxy, Cookie, Set-Cookie. It must be no more than - 255 characters in length. Header name must be unique.' - maxLength: 255 - minLength: 1 - pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ - type: string - x-kubernetes-validations: - - message: strict-transport-security header may not - be modified via header actions - rule: self.lowerAscii() != 'strict-transport-security' - - message: proxy header may not be modified via header - actions - rule: self.lowerAscii() != 'proxy' - - message: cookie header may not be modified via header - actions - rule: self.lowerAscii() != 'cookie' - - message: set-cookie header may not be modified via - header actions - rule: self.lowerAscii() != 'set-cookie' - required: - - action - - name - type: object - maxItems: 20 - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - x-kubernetes-validations: - - message: Either the header value provided is not in correct - format or the sample fetcher/converter specified is not - allowed. The dynamic header value will be interpreted - as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 - and may use HAProxy's %[] syntax and otherwise must be - a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. - Sample fetchers allowed are res.hdr, ssl_c_der. Converters - allowed are lower, base64. - rule: self.all(key, key.action.type == "Delete" || (has(key.action.set) - && key.action.set.value.matches('^(?:%(?:%|(?:\\{[-+]?[QXE](?:,[-+]?[QXE])*\\})?\\[(?:res\\.hdr\\([0-9A-Za-z-]+\\)|ssl_c_der)(?:,(?:lower|base64))*\\])|[^%[:cntrl:]])+$'))) - type: object - type: object - path: - description: path that the router watches for, to route traffic for - to the service. Optional - pattern: ^/ - type: string - port: - description: If specified, the port to be used by the router. Most - routers will use all endpoints exposed by the service by default - - set this value to instruct routers which port to use. - properties: - targetPort: - allOf: - - not: - enum: - - 0 - - not: - enum: - - "" - anyOf: null - description: The target port on pods selected by the service this - route points to. If this is a string, it will be looked up as - a named port in the target endpoints port list. Required - x-kubernetes-int-or-string: true - required: - - targetPort - type: object - subdomain: - description: "subdomain is a DNS subdomain that is requested within - the ingress controller's domain (as a subdomain). If host is set - this field is ignored. An ingress controller may choose to ignore - this suggested name, in which case the controller will report the - assigned name in the status.ingress array or refuse to admit the - route. If this value is set and the server does not support this - field host will be populated automatically. Otherwise host is left - empty. The field may have multiple parts separated by a dot, but - not all ingress controllers may honor the request. This field may - not be changed after creation except by a user with the update routes/custom-host - permission. \n Example: subdomain `frontend` automatically receives - the router subdomain `apps.mycluster.com` to have a full hostname - `frontend.apps.mycluster.com`." - maxLength: 253 - pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ - type: string - tls: - allOf: - - anyOf: - - properties: - caCertificate: - maxLength: 0 - certificate: - maxLength: 0 - destinationCACertificate: - maxLength: 0 - key: - maxLength: 0 - - not: - properties: - termination: - enum: - - passthrough - - anyOf: - - properties: - destinationCACertificate: - maxLength: 0 - - not: - properties: - termination: - enum: - - edge - description: The tls field provides the ability to configure certificates - and termination for the route. - properties: - caCertificate: - description: caCertificate provides the cert authority certificate - contents - type: string - certificate: - description: certificate provides certificate contents. This should - be a single serving certificate, not a certificate chain. Do - not include a CA certificate. - type: string - destinationCACertificate: - description: destinationCACertificate provides the contents of - the ca certificate of the final destination. When using reencrypt - termination this file should be provided in order to have routers - use it for health checks on the secure connection. If this field - is not specified, the router may provide its own destination - CA and perform hostname validation using the short service name - (service.namespace.svc), which allows infrastructure generated - certificates to automatically verify. - type: string - externalCertificate: - description: externalCertificate provides certificate contents - as a secret reference. This should be a single serving certificate, - not a certificate chain. Do not include a CA certificate. The - secret referenced should be present in the same namespace as - that of the Route. Forbidden when `certificate` is set. - properties: - name: - description: 'name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - type: object - x-kubernetes-map-type: atomic - insecureEdgeTerminationPolicy: - description: "insecureEdgeTerminationPolicy indicates the desired - behavior for insecure connections to a route. While each router - may make its own decisions on which ports to expose, this is - normally port 80. \n * Allow - traffic is sent to the server - on the insecure port (edge/reencrypt terminations only) (default). - * None - no traffic is allowed on the insecure port. * Redirect - - clients are redirected to the secure port." - enum: - - Allow - - None - - Redirect - - "" - type: string - key: - description: key provides key file contents - type: string - termination: - description: "termination indicates termination type. \n * edge - - TLS termination is done by the router and http is used to - communicate with the backend (default) * passthrough - Traffic - is sent straight to the destination without the router providing - TLS termination * reencrypt - TLS termination is done by the - router and https is used to communicate with the backend \n - Note: passthrough termination is incompatible with httpHeader - actions" - enum: - - edge - - reencrypt - - passthrough - type: string - required: - - termination - type: object - x-kubernetes-validations: - - message: cannot have both spec.tls.certificate and spec.tls.externalCertificate - rule: '!(has(self.certificate) && has(self.externalCertificate))' - - message: 'cannot have both spec.tls.termination: passthrough and - spec.tls.insecureEdgeTerminationPolicy: Allow' - rule: 'has(self.termination) && has(self.insecureEdgeTerminationPolicy) - ? !((self.termination==''passthrough'') && (self.insecureEdgeTerminationPolicy==''Allow'')) - : true' - to: - description: to is an object the route should use as the primary backend. - Only the Service kind is allowed, and it will be defaulted to Service. - If the weight field (0-256 default 100) is set to zero, no traffic - will be sent to this backend. - properties: - kind: - default: Service - description: The kind of target that the route is referring to. - Currently, only 'Service' is allowed - enum: - - Service - - "" - type: string - name: - description: name of the service/target that is being referred - to. e.g. name of the service - minLength: 1 - type: string - weight: - default: 100 - description: weight as an integer between 0 and 256, default 100, - that specifies the target's relative weight against other target - reference objects. 0 suppresses requests to this backend. - format: int32 - maximum: 256 - minimum: 0 - type: integer - required: - - kind - - name - type: object - wildcardPolicy: - default: None - description: Wildcard policy if any for the route. Currently only - 'Subdomain' or 'None' is allowed. - enum: - - None - - Subdomain - - "" - type: string - required: - - to - type: object - x-kubernetes-validations: - - message: header actions are not permitted when tls termination is passthrough. - rule: '!has(self.tls) || self.tls.termination != ''passthrough'' || - !has(self.httpHeaders)' - status: - description: status is the current state of the route - properties: - ingress: - description: ingress describes the places where the route may be exposed. - The list of ingress points may contain duplicate Host or RouterName - values. Routes are considered live once they are `Ready` - items: - description: RouteIngress holds information about the places where - a route is exposed. - properties: - conditions: - description: Conditions is the state of the route, may be empty. - items: - description: RouteIngressCondition contains details for the - current condition of this route on a particular router. - properties: - lastTransitionTime: - description: RFC 3339 date and time when this condition - last transitioned - format: date-time - type: string - message: - description: Human readable message indicating details - about last transition. - type: string - reason: - description: (brief) reason for the condition's last transition, - and is usually a machine and human readable constant - type: string - status: - description: Status is the status of the condition. Can - be True, False, Unknown. - type: string - type: - description: Type is the type of the condition. Currently - only Admitted or UnservableInFutureVersions. - type: string - required: - - status - - type - type: object - type: array - host: - description: Host is the host string under which the route is - exposed; this value is required - type: string - routerCanonicalHostname: - description: CanonicalHostname is the external host name for - the router that can be used as a CNAME for the host requested - for this route. This value is optional and may not be set - in all cases. - type: string - routerName: - description: Name is a name chosen by the router to identify - itself; this value is required - type: string - wildcardPolicy: - description: Wildcard policy is the wildcard policy that was - allowed where this route is exposed. - type: string - type: object - type: array - type: object - required: - - spec - type: object - served: true - storage: true - subresources: - status: {} diff --git a/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml b/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml deleted file mode 100644 index 017981ec9b6..00000000000 --- a/vendor/github.com/openshift/api/route/v1/stable.route.testsuite.yaml +++ /dev/null @@ -1,675 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] Route" -crd: route-Default.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Route - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - weight: 100 - wildcardPolicy: None - - name: "cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow" - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Allow - expectedError: "cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow" - - name: "spec.tls.termination: passthrough is compatible with spec.tls.insecureEdgeTerminationPolicy: Redirect" - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - weight: 100 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - wildcardPolicy: None - - name: "spec.tls.termination: passthrough is compatible with spec.tls.insecureEdgeTerminationPolicy: None" - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: None - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - weight: 100 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: None - wildcardPolicy: None - - name: Should be able to create a Route with valid actions - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-actions - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - - name: X-Cache-Info - action: - type: Set - set: - value: "not cacheable; meta data too large" - - name: X-XSS-Protection - action: - type: Delete - - name: X-Source - action: - type: Set - set: - value: "%[res.hdr(X-Value),lower]" - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,base64]" - - name: Content-Language - action: - type: Delete - - name: X-Target - action: - type: Set - set: - value: "%[req.hdr(host),lower]" - - name: X-Conditional - action: - type: Set - set: - value: "%[req.hdr(Host)] if foo" - - name: X-Condition - action: - type: Set - set: - value: "%[req.hdr(Host)]\ if\ foo" - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-actions - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - weight: 100 - wildcardPolicy: None - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - - name: X-Cache-Info - action: - type: Set - set: - value: "not cacheable; meta data too large" - - name: X-XSS-Protection - action: - type: Delete - - name: X-Source - action: - type: Set - set: - value: "%[res.hdr(X-Value),lower]" - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,base64]" - - name: Content-Language - action: - type: Delete - - name: X-Target - action: - type: Set - set: - value: "%[req.hdr(host),lower]" - - name: X-Conditional - action: - type: Set - set: - value: "%[req.hdr(Host)] if foo" - - name: X-Condition - action: - type: Set - set: - value: "%[req.hdr(Host)]\ if\ foo" - - name: "Should not allow response header actions if tls termination is set to passthrough" - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-passthrough - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: passthrough - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - - name: X-XSS-Protection - action: - type: Delete - expectedError: "header actions are not permitted when tls termination is passthrough." - - name: "Should not allow request header actions if tls termination is set to passthrough" - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-passthrough - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: passthrough - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,base64]" - - name: Content-Language - action: - type: Delete - - name: X-Target - action: - type: Set - set: - value: "%[req.hdr(host),lower]" - expectedError: "header actions are not permitted when tls termination is passthrough." - - name: Should not allow to set/delete HSTS header. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-hsts - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - set: - value: DENY - - name: Strict-Transport-Security - action: - type: Delete - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: Content-Language - action: - type: Delete - expectedError: "strict-transport-security header may not be modified via header actions" - - name: Should not allow to set proxy request header. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: hello-openshift-edge-proxy - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: Proxy - action: - type: Set - set: - value: example.xyz - expectedError: "proxy header may not be modified via header actions" - - name: Should not allow to set cookie header. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: hello-openshift-edge-proxy - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: Cookie - action: - type: Set - set: - value: "PHPSESSID=298zf09hf012fh2; csrftoken=u32t4o3tb3gg43; _gat=1" - expectedError: "cookie header may not be modified via header actions" - - name: Should not allow to set set-cookie header. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - name: hello-openshift-edge-proxy - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: Set-Cookie - action: - type: Set - set: - value: "sessionId=e8bb43229de9; Domain=foo.example.com" - expectedError: "set-cookie header may not be modified via header actions" - - name: Should not allow to set/delete dynamic headers with unclosed braces. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-unclosed-braces - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: Content-Location - action: - type: Set - set: - value: /my-first-blog-post - - name: Content-Language - action: - type: Delete - - name: expires - action: - type: Set - set: - value: "%[req.hdr(host),lower" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set dynamic response header values with not allowed sample fetchers. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Target - action: - type: Set - set: - value: "%{+Q}[ssl_c_der1,base64]" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set/delete dynamic response header values with not allowed converters. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Target - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,bogus]" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set/delete dynamic response header values containing req.hdr fetcher. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Target - action: - type: Set - set: - value: "%[req.hdr(host),lower]" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are res.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set/delete dynamic response header values containing req.hdr fetcher. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: X-Source - action: - type: Set - set: - value: "%[res.hdr(X-Value),lower]" - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set/delete dynamic request header values with not allowed converters. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der,bogus]" - - name: Content-Language - action: - type: Delete - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow to set dynamic request header values with not allowed sample fetchers. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: "%{+Q}[ssl_c_der1122,base64]" - - name: Content-Language - action: - type: Delete - expectedError: "Either the header value provided is not in correct format or the sample fetcher/converter specified is not allowed. The dynamic header value will be interpreted as an HAProxy format string as defined in http://cbonte.github.io/haproxy-dconv/2.6/configuration.html#8.2.6 and may use HAProxy's %[] syntax and otherwise must be a valid HTTP header value as defined in https://datatracker.ietf.org/doc/html/rfc7230#section-3.2. Sample fetchers allowed are req.hdr, ssl_c_der. Converters allowed are lower, base64." - - name: Should not allow empty value in request - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - request: - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: - expectedError: 'Route.route.openshift.io "hello-openshift-edge-not-allowed-values" is invalid: [spec.httpHeaders.actions.request[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' - - name: Should not allow empty value in response - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-edge-not-allowed-values - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-SSL-Client-Cert - action: - type: Set - set: - value: - expectedError: 'Route.route.openshift.io "hello-openshift-edge-not-allowed-values" is invalid: [spec.httpHeaders.actions.response[0].action.set.value: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' - - name: Should be required to specify the set field when the discriminant type is Set. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-actions - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - type: Set - expectedError: "set is required when type is Set, and forbidden otherwise" - - name: Should be required to specify the set field when the discriminant type is Set. - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - metadata: - labels: - type: sharded - name: hello-openshift-actions - namespace: hello-openshift - spec: - subdomain: hello-openshift - tls: - termination: edge - to: - kind: Service - name: hello-openshift - httpHeaders: - actions: - response: - - name: X-Frame-Options - action: - set: - value: DENY - expectedError: 'Route.route.openshift.io "hello-openshift-actions" is invalid: [spec.httpHeaders.actions.response[0].action.type: Required value, : Invalid value: "null": some validation rules were not checked because the object was invalid; correct the existing errors to complete validation]' diff --git a/vendor/github.com/openshift/api/route/v1/techpreview.route.testsuite.yaml b/vendor/github.com/openshift/api/route/v1/techpreview.route.testsuite.yaml deleted file mode 100644 index 0f0cdd11b43..00000000000 --- a/vendor/github.com/openshift/api/route/v1/techpreview.route.testsuite.yaml +++ /dev/null @@ -1,103 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: '[TechPreview] Route' -crd: route-TechPreviewNoUpgrade.crd.yaml -tests: - onCreate: - - name: Should be able to create a minimal Route - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - weight: 100 - wildcardPolicy: None - - name: 'cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Allow - expectedError: 'cannot have both spec.tls.termination: passthrough and spec.tls.insecureEdgeTerminationPolicy: Allow' - - name: 'spec.tls.termination: passthrough is compatible with spec.tls.insecureEdgeTerminationPolicy: Redirect' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - weight: 100 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: Redirect - wildcardPolicy: None - - name: 'spec.tls.termination: passthrough is compatible with spec.tls.insecureEdgeTerminationPolicy: None' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - tls: - termination: passthrough - insecureEdgeTerminationPolicy: None - expected: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - host: test.foo - to: - kind: Service - name: foo - weight: 100 - tls: - termination: passthrough - insecureEdgeTerminationPolicy: None - wildcardPolicy: None - - name: 'cannot have both spec.tls.certificate and spec.tls.externalCertificate' - initial: | - apiVersion: route.openshift.io/v1 - kind: Route - spec: - to: - kind: Service - name: foo - tls: - termination: edge - key: |- - -----BEGIN RSA PRIVATE KEY----- - -----END RSA PRIVATE KEY----- - certificate: |- - -----BEGIN CERTIFICATE----- - -----END CERTIFICATE----- - externalCertificate: - name: "my-local-secret" - expectedError: 'Invalid value: "object": cannot have both spec.tls.certificate and spec.tls.externalCertificate' diff --git a/vendor/github.com/openshift/api/route/v1/types.go b/vendor/github.com/openshift/api/route/v1/types.go index dc598d21fdb..fadc4b618ba 100644 --- a/vendor/github.com/openshift/api/route/v1/types.go +++ b/vendor/github.com/openshift/api/route/v1/types.go @@ -12,7 +12,6 @@ import ( // +kubebuilder:subresource:status // +kubebuilder:resource:path=routes,scope=Namespaced // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1228 -// +openshift:file-pattern=routeMARKERS.crd.yaml // +kubebuilder:printcolumn:name=Host,JSONPath=.status.ingress[0].host,type=string // +kubebuilder:printcolumn:name=Admitted,JSONPath=.status.ingress[0].conditions[?(@.type=="Admitted")].status,type=string // +kubebuilder:printcolumn:name=Service,JSONPath=.spec.to.name,type=string @@ -448,8 +447,12 @@ type TLSConfig struct { // insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While // each router may make its own decisions on which ports to expose, this is normally port 80. // - // * Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only) (default). - // * None - no traffic is allowed on the insecure port. + // If a route does not specify insecureEdgeTerminationPolicy, then the default behavior is "None". + // + // * Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only). + // + // * None - no traffic is allowed on the insecure port (default). + // // * Redirect - clients are redirected to the secure port. // // +kubebuilder:validation:Enum=Allow;None;Redirect;"" diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml index 7a140cd5312..aced0855f40 100644 --- a/vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/route/v1/zz_generated.featuregated-crd-manifests.yaml @@ -6,6 +6,9 @@ routes.route.openshift.io: Category: "" FeatureGates: - ExternalRouteCertificate + FilenameOperatorName: "" + FilenameOperatorOrdering: "" + FilenameRunLevel: "" GroupName: route.openshift.io HasStatus: true KindName: Route @@ -26,7 +29,6 @@ routes.route.openshift.io: type: string Scope: Namespaced ShortNames: null - TargetFilenamePattern: routeMARKERS.crd.yaml TopLevelFeatureGates: [] Version: v1 diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go index c65815a1cc6..56a4e23e3d5 100644 --- a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go @@ -178,7 +178,7 @@ var map_TLSConfig = map[string]string{ "key": "key provides key file contents", "caCertificate": "caCertificate provides the cert authority certificate contents", "destinationCACertificate": "destinationCACertificate provides the contents of the ca certificate of the final destination. When using reencrypt termination this file should be provided in order to have routers use it for health checks on the secure connection. If this field is not specified, the router may provide its own destination CA and perform hostname validation using the short service name (service.namespace.svc), which allows infrastructure generated certificates to automatically verify.", - "insecureEdgeTerminationPolicy": "insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While each router may make its own decisions on which ports to expose, this is normally port 80.\n\n* Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only) (default). * None - no traffic is allowed on the insecure port. * Redirect - clients are redirected to the secure port.", + "insecureEdgeTerminationPolicy": "insecureEdgeTerminationPolicy indicates the desired behavior for insecure connections to a route. While each router may make its own decisions on which ports to expose, this is normally port 80.\n\nIf a route does not specify insecureEdgeTerminationPolicy, then the default behavior is \"None\".\n\n* Allow - traffic is sent to the server on the insecure port (edge/reencrypt terminations only).\n\n* None - no traffic is allowed on the insecure port (default).\n\n* Redirect - clients are redirected to the secure port.", "externalCertificate": "externalCertificate provides certificate contents as a secret reference. This should be a single serving certificate, not a certificate chain. Do not include a CA certificate. The secret referenced should be present in the same namespace as that of the Route. Forbidden when `certificate` is set.", } diff --git a/vendor/modules.txt b/vendor/modules.txt index ae8a3545d83..7e95baa10d4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -983,11 +983,12 @@ github.com/opencontainers/go-digest ## explicit; go 1.17 github.com/opencontainers/image-spec/specs-go github.com/opencontainers/image-spec/specs-go/v1 -# github.com/openshift/api v0.0.0-20240313103236-5f1498accd5d +# github.com/openshift/api v0.0.0-20240429104249-ac9356ba1784 ## explicit; go 1.21 github.com/openshift/api/annotations github.com/openshift/api/config/v1 github.com/openshift/api/config/v1alpha1 +github.com/openshift/api/features github.com/openshift/api/machine/v1 github.com/openshift/api/machine/v1alpha1 github.com/openshift/api/machine/v1beta1 From cc6a0782fb2110934cc0227aab0297321e2342ed Mon Sep 17 00:00:00 2001 From: Patrick Dillon Date: Mon, 29 Apr 2024 11:30:37 -0400 Subject: [PATCH 4/4] Check CAPI-Install feature gate per platform Adds the ability to check for a CAPI install feature gate per platform, rather than only checking whether CAPI is enabled for every platform. This will allow graduation of capi install feature gates per platform. --- pkg/asset/machines/master.go | 4 +-- pkg/asset/manifests/capiutils/helpers.go | 9 +++-- pkg/infrastructure/platform/platform.go | 17 +++++----- .../platform/platform_altinfra.go | 18 +++++----- pkg/types/installconfig.go | 33 +++++++++++++++++++ 5 files changed, 60 insertions(+), 21 deletions(-) diff --git a/pkg/asset/machines/master.go b/pkg/asset/machines/master.go index 38d7465c6b1..9e0560ebb98 100644 --- a/pkg/asset/machines/master.go +++ b/pkg/asset/machines/master.go @@ -17,7 +17,6 @@ import ( "sigs.k8s.io/yaml" configv1 "github.com/openshift/api/config/v1" - "github.com/openshift/api/features" machinev1 "github.com/openshift/api/machine/v1" machinev1alpha1 "github.com/openshift/api/machine/v1alpha1" machinev1beta1 "github.com/openshift/api/machine/v1beta1" @@ -44,6 +43,7 @@ import ( "github.com/openshift/installer/pkg/asset/machines/ovirt" "github.com/openshift/installer/pkg/asset/machines/powervs" "github.com/openshift/installer/pkg/asset/machines/vsphere" + "github.com/openshift/installer/pkg/asset/manifests/capiutils" "github.com/openshift/installer/pkg/asset/rhcos" rhcosutils "github.com/openshift/installer/pkg/rhcos" "github.com/openshift/installer/pkg/types" @@ -271,7 +271,7 @@ func (m *Master) Generate(dependencies asset.Parents) error { // so we don't want to include target pools in the control plane machineset. // TODO(padillon): once this feature gate is the default and we are // no longer using Terraform, we can update ConfigMasters not to populate this. - if ic.EnabledFeatureGates().Enabled(features.FeatureGateClusterAPIInstall) { + if capiutils.IsEnabled(installConfig) { for _, machine := range machines { providerSpec, ok := machine.Spec.ProviderSpec.Value.Object.(*machinev1beta1.GCPMachineProviderSpec) if !ok { diff --git a/pkg/asset/manifests/capiutils/helpers.go b/pkg/asset/manifests/capiutils/helpers.go index 10f88357285..49586d5cdd0 100644 --- a/pkg/asset/manifests/capiutils/helpers.go +++ b/pkg/asset/manifests/capiutils/helpers.go @@ -1,9 +1,10 @@ package capiutils import ( - "github.com/openshift/api/features" "github.com/openshift/installer/pkg/asset/installconfig" "github.com/openshift/installer/pkg/ipnet" + "github.com/openshift/installer/pkg/types" + typesazure "github.com/openshift/installer/pkg/types/azure" ) var ( @@ -21,7 +22,11 @@ func CIDRFromInstallConfig(installConfig *installconfig.InstallConfig) *ipnet.IP // IsEnabled returns true if the feature gate is enabled. func IsEnabled(installConfig *installconfig.InstallConfig) bool { - return installConfig.Config.EnabledFeatureGates().Enabled(features.FeatureGateClusterAPIInstall) + platform := installConfig.Config.Platform.Name() + if azure := installConfig.Config.Platform.Azure; azure != nil && azure.CloudName == typesazure.StackCloud { + platform = typesazure.StackTerraformName + } + return types.ClusterAPIFeatureGateEnabled(platform, installConfig.Config.EnabledFeatureGates()) } // GenerateBoostrapMachineName generates the Cluster API Machine used for bootstrapping diff --git a/pkg/infrastructure/platform/platform.go b/pkg/infrastructure/platform/platform.go index c7195c00c55..447f9e6f676 100644 --- a/pkg/infrastructure/platform/platform.go +++ b/pkg/infrastructure/platform/platform.go @@ -30,6 +30,7 @@ import ( "github.com/openshift/installer/pkg/terraform/stages/ovirt" "github.com/openshift/installer/pkg/terraform/stages/powervs" "github.com/openshift/installer/pkg/terraform/stages/vsphere" + "github.com/openshift/installer/pkg/types" awstypes "github.com/openshift/installer/pkg/types/aws" azuretypes "github.com/openshift/installer/pkg/types/azure" baremetaltypes "github.com/openshift/installer/pkg/types/baremetal" @@ -50,7 +51,7 @@ import ( func ProviderForPlatform(platform string, fg featuregates.FeatureGate) (infrastructure.Provider, error) { switch platform { case awstypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(&awscapi.Provider{}), nil } if fg.Enabled(features.FeatureGateInstallAlternateInfrastructureAWS) { @@ -58,7 +59,7 @@ func ProviderForPlatform(platform string, fg featuregates.FeatureGate) (infrastr } return terraform.InitializeProvider(aws.PlatformStages), nil case azuretypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(&azureinfra.Provider{}), nil } return terraform.InitializeProvider(azure.PlatformStages), nil @@ -67,36 +68,36 @@ func ProviderForPlatform(platform string, fg featuregates.FeatureGate) (infrastr case baremetaltypes.Name: return baremetalinfra.InitializeProvider(), nil case gcptypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(gcpcapi.Provider{}), nil } return terraform.InitializeProvider(gcp.PlatformStages), nil case ibmcloudtypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(ibmcloudcapi.Provider{}), nil } return terraform.InitializeProvider(ibmcloud.PlatformStages), nil case libvirttypes.Name: return terraform.InitializeProvider(libvirt.PlatformStages), nil case nutanixtypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(nutanixcapi.Provider{}), nil } return terraform.InitializeProvider(nutanix.PlatformStages), nil case powervstypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(&powervscapi.Provider{}), nil } return terraform.InitializeProvider(powervs.PlatformStages), nil case openstacktypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(openstackcapi.Provider{}), nil } return terraform.InitializeProvider(openstack.PlatformStages), nil case ovirttypes.Name: return terraform.InitializeProvider(ovirt.PlatformStages), nil case vspheretypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(vspherecapi.Provider{}), nil } return terraform.InitializeProvider(vsphere.PlatformStages), nil diff --git a/pkg/infrastructure/platform/platform_altinfra.go b/pkg/infrastructure/platform/platform_altinfra.go index ec143d1f733..5589cf82693 100644 --- a/pkg/infrastructure/platform/platform_altinfra.go +++ b/pkg/infrastructure/platform/platform_altinfra.go @@ -6,7 +6,6 @@ package platform import ( "fmt" - "github.com/openshift/api/features" "github.com/openshift/installer/pkg/infrastructure" awscapi "github.com/openshift/installer/pkg/infrastructure/aws/clusterapi" awsinfra "github.com/openshift/installer/pkg/infrastructure/aws/sdk" @@ -18,6 +17,7 @@ import ( openstackcapi "github.com/openshift/installer/pkg/infrastructure/openstack/clusterapi" powervscapi "github.com/openshift/installer/pkg/infrastructure/powervs/clusterapi" vspherecapi "github.com/openshift/installer/pkg/infrastructure/vsphere/clusterapi" + "github.com/openshift/installer/pkg/types" awstypes "github.com/openshift/installer/pkg/types/aws" azuretypes "github.com/openshift/installer/pkg/types/azure" "github.com/openshift/installer/pkg/types/featuregates" @@ -33,40 +33,40 @@ import ( func ProviderForPlatform(platform string, fg featuregates.FeatureGate) (infrastructure.Provider, error) { switch platform { case awstypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(&awscapi.Provider{}), nil } return awsinfra.InitializeProvider(), nil case azuretypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(&azurecapi.Provider{}), nil } return nil, nil case gcptypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(gcpcapi.Provider{}), nil } return nil, nil case ibmcloudtypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(ibmcloudcapi.Provider{}), nil } return nil, nil case vspheretypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(vspherecapi.Provider{}), nil } case powervstypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(powervscapi.Provider{}), nil } return nil, nil case openstacktypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(openstackcapi.Provider{}), nil } case nutanixtypes.Name: - if fg.Enabled(features.FeatureGateClusterAPIInstall) { + if types.ClusterAPIFeatureGateEnabled(platform, fg) { return clusterapi.InitializeProvider(nutanixcapi.Provider{}), nil } } diff --git a/pkg/types/installconfig.go b/pkg/types/installconfig.go index 7030625d515..e8630fb1ec3 100644 --- a/pkg/types/installconfig.go +++ b/pkg/types/installconfig.go @@ -558,3 +558,36 @@ func (c *InstallConfig) EnabledFeatureGates() featuregates.FeatureGate { return fg } + +// ClusterAPIFeatureGateEnabled checks whether feature gates enabling +// cluster api installs are enabled. +func ClusterAPIFeatureGateEnabled(platform string, fgs featuregates.FeatureGate) bool { + // FeatureGateClusterAPIInstall enables for all platforms. + if fgs.Enabled(features.FeatureGateClusterAPIInstall) { + return true + } + + // Check if CAPI install is enabled for individual platforms. + switch platform { + case aws.Name: + return fgs.Enabled(features.FeatureGateClusterAPIInstallAWS) + case azure.StackTerraformName, azure.StackCloud.Name(): + return false + case azure.Name: + return fgs.Enabled(features.FeatureGateClusterAPIInstallAzure) + case gcp.Name: + return fgs.Enabled(features.FeatureGateClusterAPIInstallGCP) + case ibmcloud.Name: + return fgs.Enabled(features.FeatureGateClusterAPIInstallIBMCloud) + case nutanix.Name: + return fgs.Enabled(features.FeatureGateClusterAPIInstallNutanix) + case openstack.Name: + return fgs.Enabled(features.FeatureGateClusterAPIInstallOpenStack) + case powervs.Name: + return fgs.Enabled(features.FeatureGateClusterAPIInstallPowerVS) + case vsphere.Name: + return fgs.Enabled(features.FeatureGateClusterAPIInstallVSphere) + default: + return false + } +}