From 7606f91d9317bb74ece0623caacc1d97dc15b364 Mon Sep 17 00:00:00 2001 From: Maru Newby Date: Wed, 26 Aug 2020 19:13:44 -0700 Subject: [PATCH 1/2] bump(*) for kube 1.19.0 --- go.mod | 32 +- go.sum | 80 +- .../github.com/evanphx/json-patch/.travis.yml | 7 +- vendor/github.com/evanphx/json-patch/LICENSE | 2 +- .../github.com/evanphx/json-patch/README.md | 11 +- vendor/github.com/evanphx/json-patch/merge.go | 13 +- vendor/github.com/evanphx/json-patch/patch.go | 232 +- vendor/github.com/openshift/api/Makefile | 4 +- vendor/github.com/openshift/api/README.md | 13 +- ...enshift_01_rolebindingrestriction.crd.yaml | 2 + .../openshift/api/build/v1/generated.proto | 1 + .../openshift/api/build/v1/types.go | 1 + .../v1/zz_generated.swagger_doc_generated.go | 2 +- ...rsion-operator_01_clusteroperator.crd.yaml | 2 + ...ersion-operator_01_clusterversion.crd.yaml | 56 +- ...03_config-operator_01_operatorhub.crd.yaml | 2 + .../0000_03_config-operator_01_proxy.crd.yaml | 2 + ...0_10_config-operator_01_apiserver.crd.yaml | 465 ++-- ...config-operator_01_authentication.crd.yaml | 2 + .../0000_10_config-operator_01_build.crd.yaml | 20 +- ...000_10_config-operator_01_console.crd.yaml | 2 + .../0000_10_config-operator_01_dns.crd.yaml | 2 + ...10_config-operator_01_featuregate.crd.yaml | 2 + .../0000_10_config-operator_01_image.crd.yaml | 2 + ...config-operator_01_infrastructure.crd.yaml | 2 + ...000_10_config-operator_01_ingress.crd.yaml | 2 + ...000_10_config-operator_01_network.crd.yaml | 4 + .../0000_10_config-operator_01_oauth.crd.yaml | 2 + ...000_10_config-operator_01_project.crd.yaml | 2 + ...0_10_config-operator_01_scheduler.crd.yaml | 2 + .../api/config/v1/types_apiserver.go | 13 +- .../api/config/v1/types_cluster_version.go | 35 +- .../openshift/api/config/v1/types_network.go | 6 +- .../api/config/v1/zz_generated.deepcopy.go | 29 +- .../v1/zz_generated.swagger_doc_generated.go | 18 +- vendor/github.com/openshift/api/go.mod | 12 +- vendor/github.com/openshift/api/go.sum | 46 +- .../github.com/openshift/api/helm/install.go | 26 + .../0000_10-helm-chart-repository.crd.yaml | 169 ++ .../openshift/api/helm/v1beta1/doc.go | 8 + .../openshift/api/helm/v1beta1/register.go | 38 + .../openshift/api/helm/v1beta1/types_helm.go | 84 + .../api/helm/v1beta1/zz_generated.deepcopy.go | 129 + .../api/imageregistry/v1/00-crd.yaml | 2371 +++++++++-------- .../api/imageregistry/v1/01-crd.yaml | 1454 +++++----- .../openshift/api/imageregistry/v1/types.go | 24 +- .../api/imageregistry/v1/types_imagepruner.go | 4 + .../imageregistry/v1/zz_generated.deepcopy.go | 1 + .../v1/zz_generated.swagger_doc_generated.go | 44 +- vendor/github.com/openshift/api/install.go | 2 + ...0000_10_config-operator_01_config.crd.yaml | 257 +- .../v1/0000_20_etcd-operator_01.crd.yaml | 372 +-- ...kube-apiserver-operator_01_config.crd.yaml | 381 +-- ...er-operator_01_config.crd.yaml-merge-patch | 8 - ...piserver-operator_01_config.crd.yaml-patch | 3 + ...roller-manager-operator_01_config.crd.yaml | 381 +-- ...er-operator_01_config.crd.yaml-merge-patch | 10 - ...-manager-operator_01_config.crd.yaml-patch | 3 + ...kube-scheduler-operator_01_config.crd.yaml | 381 +-- ...er-operator_01_config.crd.yaml-merge-patch | 10 - ...cheduler-operator_01_config.crd.yaml-patch | 3 + ...hift-apiserver-operator_01_config.crd.yaml | 273 +- ...oud-credential-operator_00_config.crd.yaml | 158 ++ ...rsion-migrator-operator_00_config.crd.yaml | 256 +- ...authentication-operator_01_config.crd.yaml | 285 +- ...roller-manager-operator_02_config.crd.yaml | 253 +- ...00_50_cluster_storage_operator_01_crd.yaml | 255 +- ...ess-operator_00-ingresscontroller.crd.yaml | 1806 +++++++------ ..._00-ingresscontroller.crd.yaml-merge-patch | 20 - ...erator_00-ingresscontroller.crd.yaml-patch | 9 + .../0000_50_service-ca-operator_02_crd.yaml | 261 +- ...00_70_cluster-network-operator_01_crd.yaml | 698 ++--- .../v1/0000_70_console-operator.crd.yaml | 421 +-- ...perator_00-custom-resource-definition.yaml | 248 +- ...i_snapshot_controller_operator_01_crd.yaml | 255 +- ...0_90_cluster_csi_driver_01_config.crd.yaml | 290 +- ..._csi_driver_01_config.crd.yaml-merge-patch | 12 - ...luster_csi_driver_01_config.crd.yaml-patch | 9 + .../openshift/api/operator/v1/register.go | 2 + .../openshift/api/operator/v1/types.go | 4 + .../api/operator/v1/types_cloudcredential.go | 73 + .../operator/v1/types_csi_cluster_driver.go | 24 +- .../api/operator/v1/types_ingress.go | 192 +- .../api/operator/v1/types_network.go | 6 +- .../api/operator/v1/zz_generated.deepcopy.go | 193 +- .../v1/zz_generated.swagger_doc_generated.go | 93 +- ...rator_01_imagecontentsourcepolicy.crd.yaml | 2 + ...10-pod-network-connectivity-check.crd.yaml | 2 + ...openshift_01_clusterresourcequota.crd.yaml | 30 +- .../openshift/api/route/v1/generated.proto | 8 + .../openshift/api/route/v1/types.go | 8 + .../v1/zz_generated.swagger_doc_generated.go | 2 +- ...0000_03_security-openshift_01_scc.crd.yaml | 2 + .../build-machinery-go/make/lib/golang.mk | 2 +- .../make/targets/openshift/controller-gen.mk | 2 +- .../make/targets/openshift/crd-schema-gen.mk | 18 +- .../make/targets/openshift/yaml-patch.mk | 32 + .../clientset/versioned/fake/register.go | 2 +- .../config/listers/config/v1/apiserver.go | 3 + .../listers/config/v1/authentication.go | 3 + .../config/listers/config/v1/build.go | 3 + .../listers/config/v1/clusteroperator.go | 3 + .../listers/config/v1/clusterversion.go | 3 + .../config/listers/config/v1/console.go | 3 + .../client-go/config/listers/config/v1/dns.go | 3 + .../config/listers/config/v1/featuregate.go | 3 + .../config/listers/config/v1/image.go | 3 + .../listers/config/v1/infrastructure.go | 3 + .../config/listers/config/v1/ingress.go | 3 + .../config/listers/config/v1/network.go | 3 + .../config/listers/config/v1/oauth.go | 3 + .../config/listers/config/v1/operatorhub.go | 3 + .../config/listers/config/v1/project.go | 3 + .../config/listers/config/v1/proxy.go | 3 + .../config/listers/config/v1/scheduler.go | 3 + .../clientset/versioned/fake/register.go | 2 +- .../quota/v1/appliedclusterresourcequota.go | 5 + .../listers/quota/v1/clusterresourcequota.go | 3 + .../clientset/versioned/fake/register.go | 2 +- vendor/go.etcd.io/etcd/clientv3/watch.go | 45 +- vendor/go.etcd.io/etcd/version/version.go | 2 +- vendor/golang.org/x/crypto/cryptobyte/asn1.go | 6 +- .../x/crypto/openpgp/packet/packet.go | 67 +- .../golang.org/x/crypto/poly1305/mac_noasm.go | 4 +- .../golang.org/x/crypto/poly1305/poly1305.go | 26 +- .../golang.org/x/crypto/poly1305/sum_amd64.go | 13 +- .../golang.org/x/crypto/poly1305/sum_amd64.s | 2 +- .../x/crypto/poly1305/sum_generic.go | 21 +- .../golang.org/x/crypto/poly1305/sum_noasm.go | 13 - .../x/crypto/poly1305/sum_ppc64le.go | 13 +- .../x/crypto/poly1305/sum_ppc64le.s | 2 +- .../golang.org/x/crypto/poly1305/sum_s390x.go | 72 +- .../golang.org/x/crypto/poly1305/sum_s390x.s | 667 +++-- .../x/crypto/poly1305/sum_vmsl_s390x.s | 909 ------- .../x/crypto/ssh/terminal/terminal.go | 8 + vendor/k8s.io/api/core/v1/generated.proto | 2 + vendor/k8s.io/api/core/v1/lifecycle.go | 37 + vendor/k8s.io/api/core/v1/types.go | 2 + .../core/v1/types_swagger_doc_generated.go | 4 +- .../apimachinery/pkg/runtime/converter.go | 2 +- .../k8s.io/apimachinery/pkg/util/net/http.go | 10 +- .../k8s.io/apimachinery/pkg/util/net/util.go | 31 +- .../handlers/fieldmanager/capmanagers.go | 2 +- .../handlers/fieldmanager/fieldmanager.go | 4 +- .../fieldmanager/internal/conflict.go | 4 +- .../handlers/fieldmanager/internal/fields.go | 2 +- .../fieldmanager/internal/gvkparser.go | 2 +- .../fieldmanager/internal/managedfields.go | 2 +- .../fieldmanager/internal/pathelement.go | 4 +- .../fieldmanager/internal/typeconverter.go | 4 +- .../fieldmanager/internal/versionconverter.go | 6 +- .../fieldmanager/lastappliedmanager.go | 4 +- .../fieldmanager/managedfieldsupdater.go | 2 +- .../handlers/fieldmanager/stripmeta.go | 2 +- .../handlers/fieldmanager/structuredmerge.go | 4 +- vendor/k8s.io/apiserver/pkg/server/config.go | 11 +- .../server/filters/priority-and-fairness.go | 1 + .../apiserver/pkg/server/healthz/healthz.go | 18 +- .../apiserver/pkg/storage/etcd3/store.go | 17 +- .../pkg/util/flowcontrol/apf_controller.go | 17 + .../util/flowcontrol/apf_controller_debug.go | 35 +- .../pkg/util/flowcontrol/apf_filter.go | 14 +- .../util/flowcontrol/fairqueuing/interface.go | 4 + .../fairqueuing/queueset/queueset.go | 5 + .../k8s.io/client-go/util/jsonpath/parser.go | 5 +- vendor/k8s.io/klog/v2/klog.go | 11 +- .../k8s.io/kube-openapi/pkg/schemaconv/smd.go | 4 +- vendor/k8s.io/utils/trace/trace.go | 2 +- vendor/modules.txt | 50 +- .../structured-merge-diff/{v3 => v4}/LICENSE | 0 .../{v3 => v4}/fieldpath/doc.go | 0 .../{v3 => v4}/fieldpath/element.go | 2 +- .../{v3 => v4}/fieldpath/fromvalue.go | 2 +- .../{v3 => v4}/fieldpath/managers.go | 0 .../{v3 => v4}/fieldpath/path.go | 2 +- .../{v3 => v4}/fieldpath/pathelementmap.go | 2 +- .../{v3 => v4}/fieldpath/serialize-pe.go | 2 +- .../{v3 => v4}/fieldpath/serialize.go | 0 .../{v3 => v4}/fieldpath/set.go | 0 .../{v3 => v4}/merge/conflict.go | 2 +- .../{v3 => v4}/merge/update.go | 4 +- .../{v3 => v4}/schema/doc.go | 0 .../{v3 => v4}/schema/elements.go | 0 .../{v3 => v4}/schema/equals.go | 0 .../{v3 => v4}/schema/schemaschema.go | 0 .../{v3 => v4}/typed/doc.go | 0 .../{v3 => v4}/typed/helpers.go | 6 +- .../{v3 => v4}/typed/merge.go | 6 +- .../{v3 => v4}/typed/parser.go | 4 +- .../{v3 => v4}/typed/remove.go | 6 +- .../{v3 => v4}/typed/tofieldset.go | 6 +- .../{v3 => v4}/typed/typed.go | 6 +- .../{v3 => v4}/typed/union.go | 4 +- .../{v3 => v4}/typed/validate.go | 6 +- .../{v3 => v4}/value/allocator.go | 0 .../{v3 => v4}/value/doc.go | 0 .../{v3 => v4}/value/fields.go | 0 .../{v3 => v4}/value/jsontagutil.go | 0 .../{v3 => v4}/value/list.go | 0 .../{v3 => v4}/value/listreflect.go | 0 .../{v3 => v4}/value/listunstructured.go | 0 .../{v3 => v4}/value/map.go | 0 .../{v3 => v4}/value/mapreflect.go | 0 .../{v3 => v4}/value/mapunstructured.go | 0 .../{v3 => v4}/value/reflectcache.go | 0 .../{v3 => v4}/value/scalar.go | 0 .../{v3 => v4}/value/structreflect.go | 0 .../{v3 => v4}/value/value.go | 0 .../{v3 => v4}/value/valuereflect.go | 0 .../{v3 => v4}/value/valueunstructured.go | 0 210 files changed, 8509 insertions(+), 7307 deletions(-) create mode 100644 vendor/github.com/openshift/api/helm/install.go create mode 100644 vendor/github.com/openshift/api/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml create mode 100644 vendor/github.com/openshift/api/helm/v1beta1/doc.go create mode 100644 vendor/github.com/openshift/api/helm/v1beta1/register.go create mode 100644 vendor/github.com/openshift/api/helm/v1beta1/types_helm.go create mode 100644 vendor/github.com/openshift/api/helm/v1beta1/zz_generated.deepcopy.go delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml-merge-patch create mode 100644 vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml-merge-patch create mode 100644 vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml-merge-patch create mode 100644 vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml-patch create mode 100644 vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-merge-patch create mode 100644 vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-patch delete mode 100644 vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-merge-patch create mode 100644 vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch create mode 100644 vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go create mode 100644 vendor/github.com/openshift/build-machinery-go/make/targets/openshift/yaml-patch.mk delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_noasm.go delete mode 100644 vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s create mode 100644 vendor/k8s.io/api/core/v1/lifecycle.go rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/LICENSE (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/fieldpath/doc.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/fieldpath/element.go (99%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/fieldpath/fromvalue.go (98%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/fieldpath/managers.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/fieldpath/path.go (98%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/fieldpath/pathelementmap.go (98%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/fieldpath/serialize-pe.go (99%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/fieldpath/serialize.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/fieldpath/set.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/merge/conflict.go (98%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/merge/update.go (99%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/schema/doc.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/schema/elements.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/schema/equals.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/schema/schemaschema.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/typed/doc.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/typed/helpers.go (97%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/typed/merge.go (98%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/typed/parser.go (98%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/typed/remove.go (95%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/typed/tofieldset.go (96%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/typed/typed.go (98%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/typed/union.go (98%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/typed/validate.go (97%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/allocator.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/doc.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/fields.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/jsontagutil.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/list.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/listreflect.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/listunstructured.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/map.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/mapreflect.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/mapunstructured.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/reflectcache.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/scalar.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/structreflect.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/value.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/valuereflect.go (100%) rename vendor/sigs.k8s.io/structured-merge-diff/{v3 => v4}/value/valueunstructured.go (100%) diff --git a/go.mod b/go.mod index b649b859ff..276822fca2 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/docker/go-metrics v0.0.1 // indirect github.com/docker/libnetwork v0.0.0-20190731215715-7f13a5c99f4b // indirect github.com/docker/libtrust v0.0.0-20160708172513-aabc10ec26b7 // indirect - github.com/evanphx/json-patch v4.2.0+incompatible + github.com/evanphx/json-patch v4.9.0+incompatible github.com/fsouza/go-dockerclient v0.0.0-20171004212419-da3951ba2e9e github.com/getsentry/raven-go v0.0.0-20190513200303-c977f96e1095 github.com/ghodss/yaml v1.0.0 @@ -34,9 +34,9 @@ require ( github.com/opencontainers/go-digest v1.0.0-rc1 github.com/opencontainers/image-spec v1.0.1 // indirect github.com/opencontainers/runc v0.0.0-20191031171055-b133feaeeb2e // indirect - github.com/openshift/api v0.0.0-20200723134351-89de68875e7c - github.com/openshift/build-machinery-go v0.0.0-20200713135615-1f43d26dccc7 - github.com/openshift/client-go v0.0.0-20200722173614-5a1b0aaeff15 + github.com/openshift/api v0.0.0-20200827090112-c05698d102cf + github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7 + github.com/openshift/client-go v0.0.0-20200827190008-3062137373b5 github.com/pkg/errors v0.9.1 github.com/pkg/profile v1.3.0 github.com/prometheus/client_golang v1.7.1 @@ -48,21 +48,21 @@ require ( github.com/vishvananda/netlink v1.0.0 // indirect github.com/vishvananda/netns v0.0.0-20191106174202-0a2b9b5464df // indirect github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1 // indirect - go.etcd.io/etcd v0.5.0-alpha.5.0.20200716221620-18dfb9cca345 - golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 - golang.org/x/net v0.0.0-20200602114024-627f9648deb9 + go.etcd.io/etcd v0.5.0-alpha.5.0.20200819165624-17cef6e3e9d5 + golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 + golang.org/x/net v0.0.0-20200707034311-ab3426394381 golang.org/x/time v0.0.0-20191024005414-555d28b269f0 gopkg.in/asn1-ber.v1 v1.0.0-20181015200546-f715ec2f112d // indirect gopkg.in/ldap.v2 v2.5.1 - k8s.io/api v0.19.0-rc.2 - k8s.io/apiextensions-apiserver v0.19.0-rc.2 - k8s.io/apimachinery v0.19.0-rc.2 - k8s.io/apiserver v0.19.0-rc.2 - k8s.io/client-go v0.19.0-rc.2 - k8s.io/component-base v0.19.0-rc.2 - k8s.io/klog/v2 v2.2.0 - k8s.io/kube-aggregator v0.19.0-rc.2 - k8s.io/utils v0.0.0-20200720150651-0bdb4ca86cbc + k8s.io/api v0.19.0 + k8s.io/apiextensions-apiserver v0.19.0 + k8s.io/apimachinery v0.19.0 + k8s.io/apiserver v0.19.0 + k8s.io/client-go v0.19.0 + k8s.io/component-base v0.19.0 + k8s.io/klog/v2 v2.3.0 + k8s.io/kube-aggregator v0.19.0 + k8s.io/utils v0.0.0-20200729134348-d5654de09c73 sigs.k8s.io/yaml v1.2.0 vbom.ml/util v0.0.0-20180919145318-efcd4e0f9787 diff --git a/go.sum b/go.sum index 83b52c1191..47aa08dcbd 100644 --- a/go.sum +++ b/go.sum @@ -125,9 +125,10 @@ github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v0.0.0-20190815234213-e83c0a1c26c8/go.mod h1:pmLOTb3x90VhIKxsA9yeQG5yfOkkKnkk1h+Ql8NDYDw= github.com/evanphx/json-patch v4.2.0+incompatible h1:fUDGZCv/7iAN7u0puUVhvKCcsR6vRfwrJatElLBEf0I= github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= +github.com/evanphx/json-patch v4.9.0+incompatible h1:kLcOMZeuLAJvL2BPWLMIj5oaZQobrkAqrL+WFZwQses= +github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= @@ -392,14 +393,12 @@ github.com/opencontainers/image-spec v1.0.1 h1:JMemWkRwHx4Zj+fVxWoMCFm/8sYGGrUVo github.com/opencontainers/image-spec v1.0.1/go.mod h1:BtxoFyWECRxE4U/7sNtV5W15zMzWCbyJoFRP3s7yZA0= github.com/opencontainers/runc v0.0.0-20191031171055-b133feaeeb2e h1:NKMVwQeEqNOp8DVM4J1HjpZHRcQO7MAVfZwFxs+Bqec= github.com/opencontainers/runc v0.0.0-20191031171055-b133feaeeb2e/go.mod h1:qT5XzbpPznkRYVz/mWwUaVBUv2rmF59PVA73FjuZG0U= -github.com/openshift/api v0.0.0-20200722170803-0ba2c3658da6 h1:h2zOwAA/Zg7mc9d16q6W7/mcJppctFyqvHeE6vz1Qys= -github.com/openshift/api v0.0.0-20200722170803-0ba2c3658da6/go.mod h1:IXsT3F4NjLtRzfnQvwU+g/oPWpoNsVV5vd5aaOMO8eU= -github.com/openshift/api v0.0.0-20200723134351-89de68875e7c h1:qsj/GaQ1sdT584yIcGmqqRpR5xtX5jTw5Gis3/09YI4= -github.com/openshift/api v0.0.0-20200723134351-89de68875e7c/go.mod h1:IXsT3F4NjLtRzfnQvwU+g/oPWpoNsVV5vd5aaOMO8eU= -github.com/openshift/build-machinery-go v0.0.0-20200713135615-1f43d26dccc7 h1:iP7TOaN+tEVNUQ0ODEbN1ukjLz918lsIt7Czf8giWlM= -github.com/openshift/build-machinery-go v0.0.0-20200713135615-1f43d26dccc7/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= -github.com/openshift/client-go v0.0.0-20200722173614-5a1b0aaeff15 h1:b2QkHrmaYtY6kzy2VrYLc+KBmCuTpJjgvBahPqpt6V0= -github.com/openshift/client-go v0.0.0-20200722173614-5a1b0aaeff15/go.mod h1:yd4Zpcdk+8JyMWi6v+h78jPqK0FvXbJY41Wq3SZxl+c= +github.com/openshift/api v0.0.0-20200827090112-c05698d102cf h1:s/d912Y7MW7bD/6XNL0gMe6lC0zPiDjq5w8u0OyCSpc= +github.com/openshift/api v0.0.0-20200827090112-c05698d102cf/go.mod h1:M3xexPhgM8DISzzRpuFUy+jfPjQPIcs9yqEYj17mXV8= +github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7 h1:mOq7Mg1Q9d7nIDxe1SJ6pluMBQsbVxa6olyAGmfYWTg= +github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= +github.com/openshift/client-go v0.0.0-20200827190008-3062137373b5 h1:E6WhVL5p3rfjtc+o+jVG/29Aclnf3XIF7akxXvadwR0= +github.com/openshift/client-go v0.0.0-20200827190008-3062137373b5/go.mod h1:5rGmrkQ8DJEUXA+AR3rEjfH+HFyg4/apY9iCQFgvPfE= github.com/openshift/kubernetes-kube-storage-version-migrator v0.0.3-0.20200312103335-32e07ea4f8ca h1:YNtyJnE53QuEUSjl7L1AARocI021o7cU2bvh4prDtiE= github.com/openshift/kubernetes-kube-storage-version-migrator v0.0.3-0.20200312103335-32e07ea4f8ca/go.mod h1:unEnEWccGeVxaXSRsWTjRsNxMqYXmuQjzjcPFQ91H9M= github.com/pborman/uuid v1.2.0 h1:J7Q5mO4ysT1dv8hyrUGHb9+ooztCXu1D8MY8DZYsu3g= @@ -505,6 +504,7 @@ github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1 h1:j2hhcujLRHAg872RWAV5yaUrEjHEObwDv3aImCaNLek= github.com/xlab/handysort v0.0.0-20150421192137-fb3537ed64a1/go.mod h1:QcJo0QPSfTONNIgpN5RA8prR7fF8nkF6cTWTcNerRO8= github.com/xordataexchange/crypt v0.0.3-0.20170626215501-b2862e3d0a77/go.mod h1:aYKd//L2LvnjZzWKhF00oedf4jCCReLcmhLdhm1A27Q= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= go.etcd.io/bbolt v1.3.3 h1:MUGmc65QhB3pIlaQ5bB4LwqSj6GIonVJXpZiaKNyaKk= go.etcd.io/bbolt v1.3.3/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU= @@ -512,8 +512,8 @@ go.etcd.io/bbolt v1.3.5 h1:XAzx9gjCb0Rxj7EoqcClPD1d5ZBxZJk0jbuoPHenBt0= go.etcd.io/bbolt v1.3.5/go.mod h1:G5EMThwa9y8QZGBClrRx5EY+Yw9kAhnjy3bSjsnlVTQ= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738 h1:VcrIfasaLFkyjk6KNlXQSzO+B0fZcnECiDrKJsfxka0= go.etcd.io/etcd v0.0.0-20191023171146-3cf2f69b5738/go.mod h1:dnLIgRNXwCJa5e+c6mIZCrds/GIG4ncV9HhK5PX7jPg= -go.etcd.io/etcd v0.5.0-alpha.5.0.20200716221620-18dfb9cca345 h1:2gOG36vt1BhUqpzxwZLZJxUim2dHB05vw+RAn4Q6YOU= -go.etcd.io/etcd v0.5.0-alpha.5.0.20200716221620-18dfb9cca345/go.mod h1:skWido08r9w6Lq/w70DO5XYIKMu4QFu1+4VsqLQuJy8= +go.etcd.io/etcd v0.5.0-alpha.5.0.20200819165624-17cef6e3e9d5 h1:Gqga3zA9tdAcfqobUGjSoCob5L3f8Dt5EuOp3ihNZko= +go.etcd.io/etcd v0.5.0-alpha.5.0.20200819165624-17cef6e3e9d5/go.mod h1:skWido08r9w6Lq/w70DO5XYIKMu4QFu1+4VsqLQuJy8= go.mongodb.org/mongo-driver v1.0.3/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.1/go.mod h1:u7ryQJ+DOzQmeO7zB6MHyr8jkEQvC8vH7qLUO4lqsUM= go.mongodb.org/mongo-driver v1.1.2 h1:jxcFYjlkl8xaERsgLo+RNquI0epW6zuy/ZRQs6jnrFA= @@ -544,6 +544,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191206172530-e9b2fee46413/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 h1:/Tl7pH94bvbAAHBdZJT947M/+gp0+CqQXDtMRC0fseo= golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 h1:psW17arqaxU48Z5kZ0CQnkZWQJsqcURM6tKiBApRjXI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -563,6 +565,8 @@ golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCc golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc= golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY= golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -587,9 +591,10 @@ golang.org/x/net v0.0.0-20191004110552-13f9640d40b9 h1:rjwSpXsdiK0dV8/Naq3kAw9ym golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553 h1:efeOvDhwQ29Dj3SdAV/MJf8oukgn+8D8WgaCaRMchF8= golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= -golang.org/x/net v0.0.0-20200602114024-627f9648deb9 h1:pNX+40auqi2JqRfOP1akLGtYcn15TUbkhwuCO3foqqM= -golang.org/x/net v0.0.0-20200602114024-627f9648deb9/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0= @@ -677,10 +682,11 @@ golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtn golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72 h1:bw9doJza/SFBEweII/rHQh338oozWyiFsBRHtrflcws= golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28= -golang.org/x/tools v0.0.0-20200602230032-c00d67ef29d0 h1:6txNFSnY+tteYoO+hf01EpdYcYZiurdC9MDIrcUzEu4= -golang.org/x/tools v0.0.0-20200602230032-c00d67ef29d0/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200616133436-c1934b75d054 h1:HHeAlu5H9b71C+Fx0K+1dGgVFN1DM1/wz4aoGOA5qS8= +golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= @@ -774,30 +780,30 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= k8s.io/api v0.18.0-beta.2 h1:SK0PKYvDWhLz32ayrfQ1OSmEgz3sH6RvCtXpaBrv2ao= k8s.io/api v0.18.0-beta.2/go.mod h1:2oeNnWEqcSmaM/ibSh3t7xcIqbkGXhzZdn4ezV9T4m0= -k8s.io/api v0.19.0-rc.2 h1:Lq0owhvgpWXmMtz+t2AT/JJpIAPX9X8lK3oE2qslYCU= -k8s.io/api v0.19.0-rc.2/go.mod h1:9nHeM2gbqeaL7yN6UFvOxKzLG5gZ4v+DJ6bpavDetZo= +k8s.io/api v0.19.0 h1:XyrFIJqTYZJ2DU7FBE/bSPz7b1HvbVBuBf07oeo6eTc= +k8s.io/api v0.19.0/go.mod h1:I1K45XlvTrDjmj5LoM5LuP/KYrhWbjUKT/SoPG0qTjw= k8s.io/apiextensions-apiserver v0.18.0-beta.2 h1:BnuFwNZwtBxQ/r+4P9IKOu8huYW9pYJWezQ4WnoQcI8= k8s.io/apiextensions-apiserver v0.18.0-beta.2/go.mod h1:Hnrg5jx8/PbxRbUoqDGxtQkULjwx8FDW4WYJaKNK+fk= -k8s.io/apiextensions-apiserver v0.19.0-rc.2 h1:K57jvXQhrmyr58vEBWlO2eaTpDdtTOOnSIL2cnDc9Oc= -k8s.io/apiextensions-apiserver v0.19.0-rc.2/go.mod h1:LkNk/VUFXmwgURxOOQz3FJEjX/Ls0bwkq5/LIGTipIM= +k8s.io/apiextensions-apiserver v0.19.0 h1:jlY13lvZp+0p9fRX2khHFdiT9PYzT7zUrANz6R1NKtY= +k8s.io/apiextensions-apiserver v0.19.0/go.mod h1:znfQxNpjqz/ZehvbfMg5N6fvBJW5Lqu5HVLTJQdP4Fs= k8s.io/apimachinery v0.18.0-beta.2 h1:KR/mjplxzpYK/3tYez9iE4j9vMWKLSN3E2cZQqd/3KQ= k8s.io/apimachinery v0.18.0-beta.2/go.mod h1:9SnR/e11v5IbyPCGbvJViimtJ0SwHG4nfZFjU77ftcA= -k8s.io/apimachinery v0.19.0-rc.2 h1:JScnJRuwKHT8RmdrsFMkE4Oi+SVI/QIWFGOOhNZJe/M= -k8s.io/apimachinery v0.19.0-rc.2/go.mod h1:eHbWZVMaaewmYBAUuRYnAmTTMtDhvpPNZuh8/6Yl7v0= +k8s.io/apimachinery v0.19.0 h1:gjKnAda/HZp5k4xQYjL0K/Yb66IvNqjthCb03QlKpaQ= +k8s.io/apimachinery v0.19.0/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= k8s.io/apiserver v0.18.0-beta.2 h1:UsErgJmZXL8ZwfjTN/sknOxH97nwNSoqS6osu7iL7u0= k8s.io/apiserver v0.18.0-beta.2/go.mod h1:bnblMkMoCFnIfVnVftd0SXJPzyvrk3RtaqSbblphF/A= -k8s.io/apiserver v0.19.0-rc.2 h1:ZTpOyPbd0wNC4DQDRyEtLRiWxjVnrSFfO7FdQBuEhe0= -k8s.io/apiserver v0.19.0-rc.2/go.mod h1:fJNYk3hSPRsS8uvkFoYwW17MyC5oyoPq6JCgaJM5Zmo= +k8s.io/apiserver v0.19.0 h1:jLhrL06wGAADbLUUQm8glSLnAGP6c7y5R3p19grkBoY= +k8s.io/apiserver v0.19.0/go.mod h1:XvzqavYj73931x7FLtyagh8WibHpePJ1QwWrSJs2CLk= k8s.io/client-go v0.18.0-beta.2 h1:7LXqrIxTryiPQLsQjr/8DIcIC1qhI8eSqNaaM05o6Q8= k8s.io/client-go v0.18.0-beta.2/go.mod h1:UvuVxHjKWIcgy0iMvF+bwNDW7l0mskTNOaOW1Qv5BMA= -k8s.io/client-go v0.19.0-rc.2 h1:ttUSnt95lsdRvw1MIIMppozF7BA4KMVzIxduU973h3M= -k8s.io/client-go v0.19.0-rc.2/go.mod h1:8ELpdR+MEbL/z6gbYHpB52eKPKOVJNKj4I1WiR3g87A= +k8s.io/client-go v0.19.0 h1:1+0E0zfWFIWeyRhQYWzimJOyAk2UT7TiARaLNwJCf7k= +k8s.io/client-go v0.19.0/go.mod h1:H9E/VT95blcFQnlyShFgnFT9ZnJOAceiUHM3MlRC+mU= k8s.io/code-generator v0.18.0-beta.2/go.mod h1:+UHX5rSbxmR8kzS+FAv7um6dtYrZokQvjHpDSYRVkTc= -k8s.io/code-generator v0.19.0-rc.2/go.mod h1:uR3gwQvtcOjBrvwXhFF1lw5kq9BOOAfSKl/pZZ1zW3I= +k8s.io/code-generator v0.19.0/go.mod h1:moqLn7w0t9cMs4+5CQyxnfA/HV8MF6aAVENF+WZZhgk= k8s.io/component-base v0.18.0-beta.2 h1:f2D8WjS20nJUL/Bi4cWDrWCSh1gTbnSatq/n0FqSX+c= k8s.io/component-base v0.18.0-beta.2/go.mod h1:HVk5FpRnyzQ/MjBr9//e/yEBjTVa2qjGXCTuUzcD7ks= -k8s.io/component-base v0.19.0-rc.2 h1:pJponI+sSso1sx+frQqJYWn/QhxoqpufVbQp+SOazRg= -k8s.io/component-base v0.19.0-rc.2/go.mod h1:aqXtywSxbTRUXnC1+1+DFIT1GXBxb6SogGhsHXmEbyc= +k8s.io/component-base v0.19.0 h1:OueXf1q3RW7NlLlUCj2Dimwt7E1ys6ZqRnq53l2YuoE= +k8s.io/component-base v0.19.0/go.mod h1:dKsY8BxkA+9dZIAh2aWJLL/UdASFDNtGYTCItL4LM7Y= k8s.io/gengo v0.0.0-20190128074634-0689ccc1d7d6/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200114144118-36b2048a9120/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= @@ -810,18 +816,20 @@ k8s.io/klog/v2 v2.0.0 h1:Foj74zO6RbjjP4hBEKjnYtjjAhGg4jNynUdYF6fJrok= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0 h1:XRvcwJozkgZ1UQJmfMGpvRthQHOvihEhYtDfAaxMz/A= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= +k8s.io/klog/v2 v2.3.0 h1:WmkrnW7fdrm0/DMClc+HIxtftvxVIPAhlVwMQo5yLco= +k8s.io/klog/v2 v2.3.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/kube-aggregator v0.18.0-beta.2 h1:2R1770iXAi+TfkUdJzFs5ryUfAn1KW0+jVWRGvIgINA= k8s.io/kube-aggregator v0.18.0-beta.2/go.mod h1:O3Td9mheraINbLHH4pzoFP2gRzG0Wk1COqzdSL4rBPk= -k8s.io/kube-aggregator v0.19.0-rc.2 h1:vio1J9d+UHUA/ChBeYgBKVlvzOlG4Jztz1Qw+EIGtFg= -k8s.io/kube-aggregator v0.19.0-rc.2/go.mod h1:6PWWQhJWKECXUitSZ8Mo6LD9gIu4sPZaPpOEU67NkmM= +k8s.io/kube-aggregator v0.19.0 h1:rL4fsftMaqkKjaibArYDaBeqN41CHaJzgRJjUB9IrIg= +k8s.io/kube-aggregator v0.19.0/go.mod h1:1Ln45PQggFAG8xOqWPIYMxUq8WNtpPnYsbUJ39DpF/A= k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c h1:/KUFqjjqAcY4Us6luF5RDNZ16KJtb49HfR3ZHB9qYXM= k8s.io/kube-openapi v0.0.0-20200121204235-bf4fb3bd569c/go.mod h1:GRQhZsXIAJ1xR0C9bd8UpWHZ5plfAS9fzPjJuQ6JL3E= -k8s.io/kube-openapi v0.0.0-20200427153329-656914f816f9 h1:5NC2ITmvg8RoxoH0wgmL4zn4VZqXGsKbxrikjaQx6s4= -k8s.io/kube-openapi v0.0.0-20200427153329-656914f816f9/go.mod h1:bfCVj+qXcEaE5SCvzBaqpOySr6tuCcpPKqF6HD8nyCw= +k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6 h1:+WnxoVtG8TMiudHBSEtrVL1egv36TkkJm+bA8AxicmQ= +k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= k8s.io/utils v0.0.0-20200229041039-0a110f9eb7ab h1:I3f2hcBrepGRXI1z4sukzAb8w1R4eqbsHrAsx06LGYM= k8s.io/utils v0.0.0-20200229041039-0a110f9eb7ab/go.mod h1:sZAwmy6armz5eXlNoLmJcl4F1QuKu7sr+mFQ0byX7Ew= -k8s.io/utils v0.0.0-20200720150651-0bdb4ca86cbc h1:GiXZzevctVRRBh56shqcqB9s9ReWMU6GTsFyE2RCFJQ= -k8s.io/utils v0.0.0-20200720150651-0bdb4ca86cbc/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= +k8s.io/utils v0.0.0-20200729134348-d5654de09c73 h1:uJmqzgNWG7XyClnU/mLPBWwfKKF1K8Hf8whTseBgJcg= +k8s.io/utils v0.0.0-20200729134348-d5654de09c73/go.mod h1:jPW/WVKK9YHAvNhRxK0md/EJ228hCsBRufyofKtW8HA= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7 h1:uuHDyjllyzRyCIvvn0OBjiRB0SgBZGqHNYAmjR7fO50= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.7/go.mod h1:PHgbrJT7lCHcxMU+mDHEm+nx46H4zuuHZkDP6icnhu0= @@ -830,8 +838,8 @@ sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.9/go.mod h1:dzAXnQb sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= sigs.k8s.io/structured-merge-diff/v3 v3.0.0 h1:dOmIZBMfhcHS09XZkMyUgkq5trg3/jRyJYFZUiaOp8E= sigs.k8s.io/structured-merge-diff/v3 v3.0.0/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= -sigs.k8s.io/structured-merge-diff/v3 v3.0.1-0.20200706213357-43c19bbb7fba h1:AAbnc5KQuTWKuh2QSnyghKIOTFzB0Jayv7/OFDn3Cy4= -sigs.k8s.io/structured-merge-diff/v3 v3.0.1-0.20200706213357-43c19bbb7fba/go.mod h1:V06abazjHneE37ZdSY/UUwPVgcJMKI/jU5XGUjgIKoc= +sigs.k8s.io/structured-merge-diff/v4 v4.0.1 h1:YXTMot5Qz/X1iBRJhAt+vI+HVttY0WkSqqhKxQ0xVbA= +sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= diff --git a/vendor/github.com/evanphx/json-patch/.travis.yml b/vendor/github.com/evanphx/json-patch/.travis.yml index 2092c72c46..50e4afd19a 100644 --- a/vendor/github.com/evanphx/json-patch/.travis.yml +++ b/vendor/github.com/evanphx/json-patch/.travis.yml @@ -1,8 +1,8 @@ language: go go: - - 1.8 - - 1.7 + - 1.14 + - 1.13 install: - if ! go get code.google.com/p/go.tools/cmd/cover; then go get golang.org/x/tools/cmd/cover; fi @@ -11,6 +11,9 @@ install: script: - go get - go test -cover ./... + - cd ./v5 + - go get + - go test -cover ./... notifications: email: false diff --git a/vendor/github.com/evanphx/json-patch/LICENSE b/vendor/github.com/evanphx/json-patch/LICENSE index 0eb9b72d84..df76d7d771 100644 --- a/vendor/github.com/evanphx/json-patch/LICENSE +++ b/vendor/github.com/evanphx/json-patch/LICENSE @@ -6,7 +6,7 @@ modification, are permitted provided that the following conditions are met: * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. -* Redistributions in binary form must reproduce the above copyright notice +* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. * Neither the name of the Evan Phoenix nor the names of its contributors diff --git a/vendor/github.com/evanphx/json-patch/README.md b/vendor/github.com/evanphx/json-patch/README.md index 9c7f87f7ce..121b039dba 100644 --- a/vendor/github.com/evanphx/json-patch/README.md +++ b/vendor/github.com/evanphx/json-patch/README.md @@ -1,5 +1,5 @@ # JSON-Patch -`jsonpatch` is a library which provides functionallity for both applying +`jsonpatch` is a library which provides functionality for both applying [RFC6902 JSON patches](http://tools.ietf.org/html/rfc6902) against documents, as well as for calculating & applying [RFC7396 JSON merge patches](https://tools.ietf.org/html/rfc7396). @@ -11,10 +11,11 @@ well as for calculating & applying [RFC7396 JSON merge patches](https://tools.ie **Latest and greatest**: ```bash -go get -u github.com/evanphx/json-patch +go get -u github.com/evanphx/json-patch/v5 ``` **Stable Versions**: +* Version 5: `go get -u gopkg.in/evanphx/json-patch.v5` * Version 4: `go get -u gopkg.in/evanphx/json-patch.v4` (previous versions below `v3` are unavailable) @@ -82,7 +83,7 @@ When ran, you get the following output: ```bash $ go run main.go patch document: {"height":null,"name":"Jane"} -updated tina doc: {"age":28,"name":"Jane"} +updated alternative doc: {"age":28,"name":"Jane"} ``` ## Create and apply a JSON Patch @@ -164,7 +165,7 @@ func main() { } if !jsonpatch.Equal(original, different) { - fmt.Println(`"original" is _not_ structurally equal to "similar"`) + fmt.Println(`"original" is _not_ structurally equal to "different"`) } } ``` @@ -173,7 +174,7 @@ When ran, you get the following output: ```bash $ go run main.go "original" is structurally equal to "similar" -"original" is _not_ structurally equal to "similar" +"original" is _not_ structurally equal to "different" ``` ## Combine merge patches diff --git a/vendor/github.com/evanphx/json-patch/merge.go b/vendor/github.com/evanphx/json-patch/merge.go index 6806c4c200..14e8bb5ce3 100644 --- a/vendor/github.com/evanphx/json-patch/merge.go +++ b/vendor/github.com/evanphx/json-patch/merge.go @@ -307,13 +307,16 @@ func matchesValue(av, bv interface{}) bool { return true case map[string]interface{}: bt := bv.(map[string]interface{}) - for key := range at { - if !matchesValue(at[key], bt[key]) { - return false - } + if len(bt) != len(at) { + return false } for key := range bt { - if !matchesValue(at[key], bt[key]) { + av, aOK := at[key] + bv, bOK := bt[key] + if aOK != bOK { + return false + } + if !matchesValue(av, bv) { return false } } diff --git a/vendor/github.com/evanphx/json-patch/patch.go b/vendor/github.com/evanphx/json-patch/patch.go index c9cf590216..f185a45b2c 100644 --- a/vendor/github.com/evanphx/json-patch/patch.go +++ b/vendor/github.com/evanphx/json-patch/patch.go @@ -6,6 +6,8 @@ import ( "fmt" "strconv" "strings" + + "github.com/pkg/errors" ) const ( @@ -24,6 +26,14 @@ var ( AccumulatedCopySizeLimit int64 = 0 ) +var ( + ErrTestFailed = errors.New("test failed") + ErrMissing = errors.New("missing value") + ErrUnknownType = errors.New("unknown object type") + ErrInvalid = errors.New("invalid state detected") + ErrInvalidIndex = errors.New("invalid index referenced") +) + type lazyNode struct { raw *json.RawMessage doc partialDoc @@ -31,10 +41,11 @@ type lazyNode struct { which int } -type operation map[string]*json.RawMessage +// Operation is a single JSON-Patch step, such as a single 'add' operation. +type Operation map[string]*json.RawMessage -// Patch is an ordered collection of operations. -type Patch []operation +// Patch is an ordered collection of Operations. +type Patch []Operation type partialDoc map[string]*lazyNode type partialArray []*lazyNode @@ -59,7 +70,7 @@ func (n *lazyNode) MarshalJSON() ([]byte, error) { case eAry: return json.Marshal(n.ary) default: - return nil, fmt.Errorf("Unknown type") + return nil, ErrUnknownType } } @@ -91,7 +102,7 @@ func (n *lazyNode) intoDoc() (*partialDoc, error) { } if n.raw == nil { - return nil, fmt.Errorf("Unable to unmarshal nil pointer as partial document") + return nil, ErrInvalid } err := json.Unmarshal(*n.raw, &n.doc) @@ -110,7 +121,7 @@ func (n *lazyNode) intoAry() (*partialArray, error) { } if n.raw == nil { - return nil, fmt.Errorf("Unable to unmarshal nil pointer as partial array") + return nil, ErrInvalid } err := json.Unmarshal(*n.raw, &n.ary) @@ -191,6 +202,10 @@ func (n *lazyNode) equal(o *lazyNode) bool { return false } + if len(n.doc) != len(o.doc) { + return false + } + for k, v := range n.doc { ov, ok := o.doc[k] @@ -198,6 +213,10 @@ func (n *lazyNode) equal(o *lazyNode) bool { return false } + if (v == nil) != (ov == nil) { + return false + } + if v == nil && ov == nil { continue } @@ -227,7 +246,8 @@ func (n *lazyNode) equal(o *lazyNode) bool { return true } -func (o operation) kind() string { +// Kind reads the "op" field of the Operation. +func (o Operation) Kind() string { if obj, ok := o["op"]; ok && obj != nil { var op string @@ -243,39 +263,41 @@ func (o operation) kind() string { return "unknown" } -func (o operation) path() string { +// Path reads the "path" field of the Operation. +func (o Operation) Path() (string, error) { if obj, ok := o["path"]; ok && obj != nil { var op string err := json.Unmarshal(*obj, &op) if err != nil { - return "unknown" + return "unknown", err } - return op + return op, nil } - return "unknown" + return "unknown", errors.Wrapf(ErrMissing, "operation missing path field") } -func (o operation) from() string { +// From reads the "from" field of the Operation. +func (o Operation) From() (string, error) { if obj, ok := o["from"]; ok && obj != nil { var op string err := json.Unmarshal(*obj, &op) if err != nil { - return "unknown" + return "unknown", err } - return op + return op, nil } - return "unknown" + return "unknown", errors.Wrapf(ErrMissing, "operation, missing from field") } -func (o operation) value() *lazyNode { +func (o Operation) value() *lazyNode { if obj, ok := o["value"]; ok { return newLazyNode(obj) } @@ -283,6 +305,23 @@ func (o operation) value() *lazyNode { return nil } +// ValueInterface decodes the operation value into an interface. +func (o Operation) ValueInterface() (interface{}, error) { + if obj, ok := o["value"]; ok && obj != nil { + var v interface{} + + err := json.Unmarshal(*obj, &v) + + if err != nil { + return nil, err + } + + return v, nil + } + + return nil, errors.Wrapf(ErrMissing, "operation, missing value field") +} + func isArray(buf []byte) bool { Loop: for _, c := range buf { @@ -359,7 +398,7 @@ func (d *partialDoc) get(key string) (*lazyNode, error) { func (d *partialDoc) remove(key string) error { _, ok := (*d)[key] if !ok { - return fmt.Errorf("Unable to remove nonexistent key: %s", key) + return errors.Wrapf(ErrMissing, "Unable to remove nonexistent key: %s", key) } delete(*d, key) @@ -385,7 +424,7 @@ func (d *partialArray) add(key string, val *lazyNode) error { idx, err := strconv.Atoi(key) if err != nil { - return err + return errors.Wrapf(err, "value was not a proper array index: '%s'", key) } sz := len(*d) + 1 @@ -395,17 +434,17 @@ func (d *partialArray) add(key string, val *lazyNode) error { cur := *d if idx >= len(ary) { - return fmt.Errorf("Unable to access invalid index: %d", idx) + return errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx) } - if SupportNegativeIndices { - if idx < -len(ary) { - return fmt.Errorf("Unable to access invalid index: %d", idx) + if idx < 0 { + if !SupportNegativeIndices { + return errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx) } - - if idx < 0 { - idx += len(ary) + if idx < -len(ary) { + return errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx) } + idx += len(ary) } copy(ary[0:idx], cur[0:idx]) @@ -424,7 +463,7 @@ func (d *partialArray) get(key string) (*lazyNode, error) { } if idx >= len(*d) { - return nil, fmt.Errorf("Unable to access invalid index: %d", idx) + return nil, errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx) } return (*d)[idx], nil @@ -439,17 +478,17 @@ func (d *partialArray) remove(key string) error { cur := *d if idx >= len(cur) { - return fmt.Errorf("Unable to access invalid index: %d", idx) + return errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx) } - if SupportNegativeIndices { - if idx < -len(cur) { - return fmt.Errorf("Unable to access invalid index: %d", idx) + if idx < 0 { + if !SupportNegativeIndices { + return errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx) } - - if idx < 0 { - idx += len(cur) + if idx < -len(cur) { + return errors.Wrapf(ErrInvalidIndex, "Unable to access invalid index: %d", idx) } + idx += len(cur) } ary := make([]*lazyNode, len(cur)-1) @@ -462,140 +501,189 @@ func (d *partialArray) remove(key string) error { } -func (p Patch) add(doc *container, op operation) error { - path := op.path() +func (p Patch) add(doc *container, op Operation) error { + path, err := op.Path() + if err != nil { + return errors.Wrapf(ErrMissing, "add operation failed to decode path") + } con, key := findObject(doc, path) if con == nil { - return fmt.Errorf("jsonpatch add operation does not apply: doc is missing path: \"%s\"", path) + return errors.Wrapf(ErrMissing, "add operation does not apply: doc is missing path: \"%s\"", path) } - return con.add(key, op.value()) + err = con.add(key, op.value()) + if err != nil { + return errors.Wrapf(err, "error in add for path: '%s'", path) + } + + return nil } -func (p Patch) remove(doc *container, op operation) error { - path := op.path() +func (p Patch) remove(doc *container, op Operation) error { + path, err := op.Path() + if err != nil { + return errors.Wrapf(ErrMissing, "remove operation failed to decode path") + } con, key := findObject(doc, path) if con == nil { - return fmt.Errorf("jsonpatch remove operation does not apply: doc is missing path: \"%s\"", path) + return errors.Wrapf(ErrMissing, "remove operation does not apply: doc is missing path: \"%s\"", path) + } + + err = con.remove(key) + if err != nil { + return errors.Wrapf(err, "error in remove for path: '%s'", path) } - return con.remove(key) + return nil } -func (p Patch) replace(doc *container, op operation) error { - path := op.path() +func (p Patch) replace(doc *container, op Operation) error { + path, err := op.Path() + if err != nil { + return errors.Wrapf(err, "replace operation failed to decode path") + } con, key := findObject(doc, path) if con == nil { - return fmt.Errorf("jsonpatch replace operation does not apply: doc is missing path: %s", path) + return errors.Wrapf(ErrMissing, "replace operation does not apply: doc is missing path: %s", path) } _, ok := con.get(key) if ok != nil { - return fmt.Errorf("jsonpatch replace operation does not apply: doc is missing key: %s", path) + return errors.Wrapf(ErrMissing, "replace operation does not apply: doc is missing key: %s", path) } - return con.set(key, op.value()) + err = con.set(key, op.value()) + if err != nil { + return errors.Wrapf(err, "error in remove for path: '%s'", path) + } + + return nil } -func (p Patch) move(doc *container, op operation) error { - from := op.from() +func (p Patch) move(doc *container, op Operation) error { + from, err := op.From() + if err != nil { + return errors.Wrapf(err, "move operation failed to decode from") + } con, key := findObject(doc, from) if con == nil { - return fmt.Errorf("jsonpatch move operation does not apply: doc is missing from path: %s", from) + return errors.Wrapf(ErrMissing, "move operation does not apply: doc is missing from path: %s", from) } val, err := con.get(key) if err != nil { - return err + return errors.Wrapf(err, "error in move for path: '%s'", key) } err = con.remove(key) if err != nil { - return err + return errors.Wrapf(err, "error in move for path: '%s'", key) } - path := op.path() + path, err := op.Path() + if err != nil { + return errors.Wrapf(err, "move operation failed to decode path") + } con, key = findObject(doc, path) if con == nil { - return fmt.Errorf("jsonpatch move operation does not apply: doc is missing destination path: %s", path) + return errors.Wrapf(ErrMissing, "move operation does not apply: doc is missing destination path: %s", path) } - return con.add(key, val) + err = con.add(key, val) + if err != nil { + return errors.Wrapf(err, "error in move for path: '%s'", path) + } + + return nil } -func (p Patch) test(doc *container, op operation) error { - path := op.path() +func (p Patch) test(doc *container, op Operation) error { + path, err := op.Path() + if err != nil { + return errors.Wrapf(err, "test operation failed to decode path") + } con, key := findObject(doc, path) if con == nil { - return fmt.Errorf("jsonpatch test operation does not apply: is missing path: %s", path) + return errors.Wrapf(ErrMissing, "test operation does not apply: is missing path: %s", path) } val, err := con.get(key) - if err != nil { - return err + return errors.Wrapf(err, "error in test for path: '%s'", path) } if val == nil { if op.value().raw == nil { return nil } - return fmt.Errorf("Testing value %s failed", path) + return errors.Wrapf(ErrTestFailed, "testing value %s failed", path) } else if op.value() == nil { - return fmt.Errorf("Testing value %s failed", path) + return errors.Wrapf(ErrTestFailed, "testing value %s failed", path) } if val.equal(op.value()) { return nil } - return fmt.Errorf("Testing value %s failed", path) + return errors.Wrapf(ErrTestFailed, "testing value %s failed", path) } -func (p Patch) copy(doc *container, op operation, accumulatedCopySize *int64) error { - from := op.from() +func (p Patch) copy(doc *container, op Operation, accumulatedCopySize *int64) error { + from, err := op.From() + if err != nil { + return errors.Wrapf(err, "copy operation failed to decode from") + } con, key := findObject(doc, from) if con == nil { - return fmt.Errorf("jsonpatch copy operation does not apply: doc is missing from path: %s", from) + return errors.Wrapf(ErrMissing, "copy operation does not apply: doc is missing from path: %s", from) } val, err := con.get(key) if err != nil { - return err + return errors.Wrapf(err, "error in copy for from: '%s'", from) } - path := op.path() + path, err := op.Path() + if err != nil { + return errors.Wrapf(ErrMissing, "copy operation failed to decode path") + } con, key = findObject(doc, path) if con == nil { - return fmt.Errorf("jsonpatch copy operation does not apply: doc is missing destination path: %s", path) + return errors.Wrapf(ErrMissing, "copy operation does not apply: doc is missing destination path: %s", path) } valCopy, sz, err := deepCopy(val) if err != nil { - return err + return errors.Wrapf(err, "error while performing deep copy") } + (*accumulatedCopySize) += int64(sz) if AccumulatedCopySizeLimit > 0 && *accumulatedCopySize > AccumulatedCopySizeLimit { return NewAccumulatedCopySizeError(AccumulatedCopySizeLimit, *accumulatedCopySize) } - return con.add(key, valCopy) + err = con.add(key, valCopy) + if err != nil { + return errors.Wrapf(err, "error while adding value during copy") + } + + return nil } // Equal indicates if 2 JSON documents have the same structural equality. @@ -651,7 +739,7 @@ func (p Patch) ApplyIndent(doc []byte, indent string) ([]byte, error) { var accumulatedCopySize int64 for _, op := range p { - switch op.kind() { + switch op.Kind() { case "add": err = p.add(&pd, op) case "remove": @@ -665,7 +753,7 @@ func (p Patch) ApplyIndent(doc []byte, indent string) ([]byte, error) { case "copy": err = p.copy(&pd, op, &accumulatedCopySize) default: - err = fmt.Errorf("Unexpected kind: %s", op.kind()) + err = fmt.Errorf("Unexpected kind: %s", op.Kind()) } if err != nil { diff --git a/vendor/github.com/openshift/api/Makefile b/vendor/github.com/openshift/api/Makefile index 4043bf04fd..7993192b6a 100644 --- a/vendor/github.com/openshift/api/Makefile +++ b/vendor/github.com/openshift/api/Makefile @@ -13,6 +13,7 @@ GO_BUILD_PACKAGES :=$(GO_PACKAGES) GO_BUILD_PACKAGES_EXPANDED :=$(GO_BUILD_PACKAGES) # LDFLAGS are not needed for dummy builds (saving time on calling git commands) GO_LD_FLAGS:= +CONTROLLER_GEN_VERSION :=v0.2.5 # $1 - target name # $2 - apis @@ -20,6 +21,7 @@ GO_LD_FLAGS:= # $4 - output $(call add-crd-gen,authorization,./authorization/v1,./authorization/v1,./authorization/v1) $(call add-crd-gen,config,./config/v1,./config/v1,./config/v1) +$(call add-crd-gen,helm,./helm/v1beta1,./helm/v1beta1,./helm/v1beta1) $(call add-crd-gen,console,./console/v1,./console/v1,./console/v1) $(call add-crd-gen,imageregistry,./imageregistry/v1,./imageregistry/v1,./imageregistry/v1) $(call add-crd-gen,operator,./operator/v1,./operator/v1,./operator/v1) @@ -52,4 +54,4 @@ update: update-scripts update-codegen-crds generate-with-container: Dockerfile.build $(RUNTIME) build -t $(RUNTIME_IMAGE_NAME) -f Dockerfile.build . - $(RUNTIME) run -ti --rm -v $(PWD):/go/src/github.com/openshift/api:z -w /go/src/github.com/openshift/api $(RUNTIME_IMAGE_NAME) make update-scripts + $(RUNTIME) run -ti --rm -v $(PWD):/go/src/github.com/openshift/api:z -w /go/src/github.com/openshift/api $(RUNTIME_IMAGE_NAME) make update diff --git a/vendor/github.com/openshift/api/README.md b/vendor/github.com/openshift/api/README.md index 60a7e0d7db..d20dfd71f4 100644 --- a/vendor/github.com/openshift/api/README.md +++ b/vendor/github.com/openshift/api/README.md @@ -66,4 +66,15 @@ After this, calling `make update-codegen-crds` should generate a new structural 1. `// +groupName=`, this should match the `group` in your CRD `spec` 2. `// +kubebuilder:validation:Optional`, this tells the operator that fields should be optional unless explicitly marked with `// +kubebuilder:validation:Required` -For more information on the API markers to add to your Go types, see the [Kubebuilder book](https://book.kubebuilder.io/reference/markers.html) \ No newline at end of file +For more information on the API markers to add to your Go types, see the [Kubebuilder book](https://book.kubebuilder.io/reference/markers.html) + +### Post-schema-generation Patches + +Schema generation features might be limited or fall behind what CRD schemas supports in the latest Kubernetes version. +To work around this, there are two patch mechanisms implemented by the `add-crd-gen` target. Basic idea is that you +place a patch file next to the CRD yaml manifest with either `yaml-merge-patch` or `yaml-patch` as extension, +but with the same base name. The `update-codegen-crds` Makefile target will apply these **after** calling +kubebuilder's controller-gen: + +- `yaml-merge-patch`: these are applied via `yq m -x ` compare https://mikefarah.gitbook.io/yq/commands/merge#overwrite-values. +- `yaml-patch`: these are applied via `yaml-patch -o < ` using https://github.com/krishicks/yaml-patch. diff --git a/vendor/github.com/openshift/api/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml b/vendor/github.com/openshift/api/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml index cbbe69d284..5fbc03c98b 100644 --- a/vendor/github.com/openshift/api/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml +++ b/vendor/github.com/openshift/api/authorization/v1/0000_03_authorization-openshift_01_rolebindingrestriction.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: rolebindingrestrictions.authorization.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: authorization.openshift.io names: diff --git a/vendor/github.com/openshift/api/build/v1/generated.proto b/vendor/github.com/openshift/api/build/v1/generated.proto index 46470b12c1..52910663fd 100644 --- a/vendor/github.com/openshift/api/build/v1/generated.proto +++ b/vendor/github.com/openshift/api/build/v1/generated.proto @@ -687,6 +687,7 @@ message DockerBuildStrategy { // dockerfilePath is the path of the Dockerfile that will be used to build the container image, // relative to the root of the context (contextDir). + // Defaults to `Dockerfile` if unset. optional string dockerfilePath = 6; // buildArgs contains build arguments that will be resolved in the Dockerfile. See diff --git a/vendor/github.com/openshift/api/build/v1/types.go b/vendor/github.com/openshift/api/build/v1/types.go index 1b233b5359..3c9d088f7e 100644 --- a/vendor/github.com/openshift/api/build/v1/types.go +++ b/vendor/github.com/openshift/api/build/v1/types.go @@ -713,6 +713,7 @@ type DockerBuildStrategy struct { // dockerfilePath is the path of the Dockerfile that will be used to build the container image, // relative to the root of the context (contextDir). + // Defaults to `Dockerfile` if unset. DockerfilePath string `json:"dockerfilePath,omitempty" protobuf:"bytes,6,opt,name=dockerfilePath"` // buildArgs contains build arguments that will be resolved in the Dockerfile. See diff --git a/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go index be0323039f..f54e07222b 100644 --- a/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go @@ -347,7 +347,7 @@ var map_DockerBuildStrategy = map[string]string{ "noCache": "noCache if set to true indicates that the container image build must be executed with the --no-cache=true flag", "env": "env contains additional environment variables you want to pass into a builder container.", "forcePull": "forcePull describes if the builder should pull the images from registry prior to building.", - "dockerfilePath": "dockerfilePath is the path of the Dockerfile that will be used to build the container image, relative to the root of the context (contextDir).", + "dockerfilePath": "dockerfilePath is the path of the Dockerfile that will be used to build the container image, relative to the root of the context (contextDir). Defaults to `Dockerfile` if unset.", "buildArgs": "buildArgs contains build arguments that will be resolved in the Dockerfile. See https://docs.docker.com/engine/reference/builder/#/arg for more details.", "imageOptimizationPolicy": "imageOptimizationPolicy describes what optimizations the system can use when building images to reduce the final size or time spent building the image. The default policy is 'None' which means the final build image will be equivalent to an image created by the container image build API. The experimental policy 'SkipLayers' will avoid commiting new layers in between each image step, and will fail if the Dockerfile cannot provide compatibility with the 'None' policy. An additional experimental policy 'SkipLayersAndWarn' is the same as 'SkipLayers' but simply warns if compatibility cannot be preserved.", } diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml index 114db5aec8..f7767a1242 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml @@ -2,6 +2,8 @@ kind: CustomResourceDefinition apiVersion: apiextensions.k8s.io/v1beta1 metadata: name: clusteroperators.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: additionalPrinterColumns: - JSONPath: .status.versions[?(@.name=="operator")].version diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml index ccde0db23b..b5dc54376d 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: clusterversions.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io versions: @@ -162,28 +164,29 @@ spec: channel has been specified. type: array items: - description: Update represents a release of the ClusterVersionOperator, - referenced by the Image member. + description: Release represents an OpenShift release image and associated + metadata. type: object properties: - force: - description: "force allows an administrator to update to an image - that has failed verification, does not appear in the availableUpdates - list, or otherwise would be blocked by normal protections on - update. This option should only be used when the authenticity - of the provided image has been verified out of band because - the provided image will run with full administrative access - to the cluster. Do not use this flag with images that comes - from unknown or potentially malicious sources. \n This flag - does not override other forms of consistency checking that are - required before a new update is deployed." - type: boolean + channels: + description: channels is the set of Cincinnati channels to which + the release currently belongs. + type: array + items: + type: string image: description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version. type: string + url: + description: url contains information about this release. This + URL is set by the 'url' metadata property on a release or the + metadata returned by the update API and should be displayed + as a link in user interfaces. The URL field may not be set for + test or nightly releases. + type: string version: description: version is a semantic versioning identifying the update version. When this field is part of spec, version is @@ -234,24 +237,25 @@ spec: tag. type: object properties: - force: - description: "force allows an administrator to update to an image - that has failed verification, does not appear in the availableUpdates - list, or otherwise would be blocked by normal protections on update. - This option should only be used when the authenticity of the provided - image has been verified out of band because the provided image - will run with full administrative access to the cluster. Do not - use this flag with images that comes from unknown or potentially - malicious sources. \n This flag does not override other forms - of consistency checking that are required before a new update - is deployed." - type: boolean + channels: + description: channels is the set of Cincinnati channels to which + the release currently belongs. + type: array + items: + type: string image: description: image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version. type: string + url: + description: url contains information about this release. This URL + is set by the 'url' metadata property on a release or the metadata + returned by the update API and should be displayed as a link in + user interfaces. The URL field may not be set for test or nightly + releases. + type: string version: description: version is a semantic versioning identifying the update version. When this field is part of spec, version is optional diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml index 8c857d45a4..19994f42c5 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_operatorhub.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: operatorhubs.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io names: diff --git a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml index cf04b249b9..b6fb1c48ce 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_03_config-operator_01_proxy.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: proxies.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io scope: Cluster diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml index a4f505e103..468ad078da 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_apiserver.crd.yaml @@ -1,11 +1,12 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: apiservers.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io scope: Cluster - preserveUnknownFields: false names: kind: APIServer singular: apiserver @@ -15,237 +16,243 @@ spec: - name: v1 served: true storage: true - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: APIServer holds configuration (like serving certificates, client - CA and CORS domains) shared by all API servers in the system, among them especially - kube-apiserver and openshift-apiserver. The canonical name of an instance - is 'cluster'. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - additionalCORSAllowedOrigins: - description: additionalCORSAllowedOrigins lists additional, user-defined - regular expressions describing hosts for which the API server allows - access using the CORS headers. This may be needed to access the API - and the integrated OAuth server from JavaScript applications. The - values are regular expressions that correspond to the Golang regular - expression language. - type: array - items: - type: string - audit: - description: audit specifies the settings for audit configuration to - be applied to all OpenShift-provided API servers in the cluster. - type: object - default: - profile: Default - properties: - profile: - description: "profile specifies the name of the desired audit policy - configuration to be deployed to all OpenShift-provided API servers - in the cluster \n We provide the following profiles - Default - - WriteRequestBodies - AllRequestBodies If unset, the 'Default' - profile is used as the default." + subresources: + status: {} + schema: + "openAPIV3Schema": + description: APIServer holds configuration (like serving certificates, client + CA and CORS domains) shared by all API servers in the system, among them + especially kube-apiserver and openshift-apiserver. The canonical name of + an instance is 'cluster'. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + additionalCORSAllowedOrigins: + description: additionalCORSAllowedOrigins lists additional, user-defined + regular expressions describing hosts for which the API server allows + access using the CORS headers. This may be needed to access the + API and the integrated OAuth server from JavaScript applications. + The values are regular expressions that correspond to the Golang + regular expression language. + type: array + items: type: string - default: Default - enum: - - Default - - WriteRequestBodies - - AllRequestBodies - clientCA: - description: 'clientCA references a ConfigMap containing a certificate - bundle for the signers that will be recognized for incoming client - certificates in addition to the operator managed signers. If this - is empty, then only operator managed signers are valid. You usually - only have to set this if you have your own PKI you wish to honor client - certificates from. The ConfigMap must exist in the openshift-config - namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] - - CA bundle.' - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - encryption: - description: encryption allows the configuration of encryption of resources - at the datastore layer. - type: object - properties: - type: - description: "type defines what encryption type should be used to - encrypt resources at the datastore layer. When this field is unset - (i.e. when it is set to the empty string), identity is implied. - The behavior of unset can and will change over time. Even if - encryption is enabled by default, the meaning of unset may change - to a different encryption type based on changes in best practices. - \n When encryption is enabled, all sensitive resources shipped - with the platform are encrypted. This list of sensitive resources - can and will change over time. The current authoritative list - is: \n 1. secrets 2. configmaps 3. routes.route.openshift.io - \ 4. oauthaccesstokens.oauth.openshift.io 5. oauthauthorizetokens.oauth.openshift.io" - type: string - enum: - - "" - - identity - - aescbc - servingCerts: - description: servingCert is the TLS cert info for serving secure traffic. - If not specified, operator managed certificates will be used for serving - secure traffic. - type: object - properties: - namedCertificates: - description: namedCertificates references secrets containing the - TLS cert info for serving secure traffic to specific hostnames. - If no named certificates are provided, or no named certificates - match the server name as understood by a client, the defaultServingCertificate - will be used. - type: array - items: - description: APIServerNamedServingCert maps a server DNS name, - as understood by a client, to a certificate. + audit: + description: audit specifies the settings for audit configuration + to be applied to all OpenShift-provided API servers in the cluster. + type: object + default: + profile: Default + properties: + profile: + description: "profile specifies the name of the desired audit + policy configuration to be deployed to all OpenShift-provided + API servers in the cluster. \n The following profiles are provided: + - Default: the existing default policy. - WriteRequestBodies: + like 'Default', but logs request and response HTTP payloads + for write requests (create, update, patch). - AllRequestBodies: + like 'WriteRequestBodies', but also logs request and response + HTTP payloads for read requests (get, list). \n If unset, the + 'Default' profile is used as the default." + type: string + default: Default + enum: + - Default + - WriteRequestBodies + - AllRequestBodies + clientCA: + description: 'clientCA references a ConfigMap containing a certificate + bundle for the signers that will be recognized for incoming client + certificates in addition to the operator managed signers. If this + is empty, then only operator managed signers are valid. You usually + only have to set this if you have your own PKI you wish to honor + client certificates from. The ConfigMap must exist in the openshift-config + namespace and contain the following required fields: - ConfigMap.Data["ca-bundle.crt"] + - CA bundle.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + encryption: + description: encryption allows the configuration of encryption of + resources at the datastore layer. + type: object + properties: + type: + description: "type defines what encryption type should be used + to encrypt resources at the datastore layer. When this field + is unset (i.e. when it is set to the empty string), identity + is implied. The behavior of unset can and will change over time. + \ Even if encryption is enabled by default, the meaning of unset + may change to a different encryption type based on changes in + best practices. \n When encryption is enabled, all sensitive + resources shipped with the platform are encrypted. This list + of sensitive resources can and will change over time. The current + authoritative list is: \n 1. secrets 2. configmaps 3. + routes.route.openshift.io 4. oauthaccesstokens.oauth.openshift.io + \ 5. oauthauthorizetokens.oauth.openshift.io" + type: string + enum: + - "" + - identity + - aescbc + servingCerts: + description: servingCert is the TLS cert info for serving secure traffic. + If not specified, operator managed certificates will be used for + serving secure traffic. + type: object + properties: + namedCertificates: + description: namedCertificates references secrets containing the + TLS cert info for serving secure traffic to specific hostnames. + If no named certificates are provided, or no named certificates + match the server name as understood by a client, the defaultServingCertificate + will be used. + type: array + items: + description: APIServerNamedServingCert maps a server DNS name, + as understood by a client, to a certificate. + type: object + properties: + names: + description: names is a optional list of explicit DNS names + (leading wildcards allowed) that should use this certificate + to serve secure traffic. If no names are provided, the + implicit names will be extracted from the certificates. + Exact names trump over wildcard names. Explicit names + defined here trump over extracted implicit names. + type: array + items: + type: string + servingCertificate: + description: 'servingCertificate references a kubernetes.io/tls + type secret containing the TLS cert info for serving secure + traffic. The secret must exist in the openshift-config + namespace and contain the following required fields: - + Secret.Data["tls.key"] - TLS private key. - Secret.Data["tls.crt"] + - TLS certificate.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced + secret + type: string + tlsSecurityProfile: + description: "tlsSecurityProfile specifies settings for TLS connections + for externally exposed servers. \n If unset, a default (which may + change between releases) is chosen. Note that only Old and Intermediate + profiles are currently supported, and the maximum available MinTLSVersions + is VersionTLS12." + type: object + properties: + custom: + description: "custom is a user-defined TLS security profile. Be + extremely careful using a custom profile as invalid configurations + can be catastrophic. An example custom profile looks like this: + \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + \ - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 + \ minTLSVersion: TLSv1.1" type: object properties: - names: - description: names is a optional list of explicit DNS names - (leading wildcards allowed) that should use this certificate - to serve secure traffic. If no names are provided, the implicit - names will be extracted from the certificates. Exact names - trump over wildcard names. Explicit names defined here trump - over extracted implicit names. + ciphers: + description: "ciphers is used to specify the cipher algorithms + that are negotiated during the TLS handshake. Operators + may remove entries their operands do not support. For example, + to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" type: array items: type: string - servingCertificate: - description: 'servingCertificate references a kubernetes.io/tls - type secret containing the TLS cert info for serving secure - traffic. The secret must exist in the openshift-config namespace - and contain the following required fields: - Secret.Data["tls.key"] - - TLS private key. - Secret.Data["tls.crt"] - TLS certificate.' - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced - secret - type: string - tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections - for externally exposed servers. \n If unset, a default (which may - change between releases) is chosen. Note that only Old and Intermediate - profiles are currently supported, and the maximum available MinTLSVersions - is VersionTLS12." - type: object - properties: - custom: - description: "custom is a user-defined TLS security profile. Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. An example custom profile looks like this: - \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - \ minTLSVersion: TLSv1.1" - type: object - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators may - remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - type: array - items: + minTLSVersion: + description: "minTLSVersion is used to specify the minimal + version of the TLS protocol that is negotiated during the + TLS handshake. For example, to use TLS versions 1.1, 1.2 + and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently + the highest minTLSVersion allowed is VersionTLS12" type: string - minTLSVersion: - description: "minTLSVersion is used to specify the minimal version - of the TLS protocol that is negotiated during the TLS handshake. - For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): - \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest - minTLSVersion allowed is VersionTLS12" - type: string - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - nullable: true - intermediate: - description: "intermediate is a TLS security profile based on: \n - https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - \ minTLSVersion: TLSv1.2" - type: object - nullable: true - modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." - type: object - nullable: true - old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - \ - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - \ - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - \ - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - \ - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - \ - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: - TLSv1.0" - type: object - nullable: true - type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found to - be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." - type: string - enum: - - Old - - Intermediate - - Modern - - Custom - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + nullable: true + intermediate: + description: "intermediate is a TLS security profile based on: + \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + \ minTLSVersion: TLSv1.2" + type: object + nullable: true + modern: + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + \ minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." + type: object + nullable: true + old: + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + \ - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 + \ - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA + \ - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 + \ - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA + \ - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - + DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 + \ - AES128-SHA256 - AES256-SHA256 - AES128-SHA - + AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" + type: object + nullable: true + type: + description: "type is one of Old, Intermediate, Modern or Custom. + Custom provides the ability to specify individual TLS security + profile parameters. Old, Intermediate and Modern are TLS security + profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + \n The profiles are intent based, so they may change over time + as new ciphers are developed and existing ciphers are found + to be insecure. Depending on precisely which ciphers are available + to a process, the list may be reduced. \n Note that the Modern + profile is currently not supported because it is not yet well + adopted by common software libraries." + type: string + enum: + - Old + - Intermediate + - Modern + - Custom + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml index 08aacfeef9..c6de0ac13a 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_authentication.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: authentications.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io names: diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml index 9291d837af..9bd6113608 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_build.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: builds.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io scope: Cluster @@ -193,7 +195,11 @@ spec: divisor: description: Specifies the output format of the exposed resources, defaults to "1" - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true resource: description: 'Required: resource to select' type: string @@ -292,7 +298,11 @@ spec: resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object additionalProperties: - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true requests: description: 'Requests describes the minimum amount of compute resources required. If Requests is omitted for a container, @@ -300,7 +310,11 @@ spec: to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' type: object additionalProperties: - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true buildOverrides: description: BuildOverrides controls override settings for builds type: object diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml index b527f7aa32..4234d732ec 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_console.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: consoles.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: scope: Cluster preserveUnknownFields: false diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml index c883ee0f0c..e864cae7a1 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_dns.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: dnses.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io names: diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml index 89084a33f5..ec458de320 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_featuregate.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: featuregates.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io version: v1 diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml index 8e32009671..858681c9d8 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: images.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io scope: Cluster diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml index 2ef761958a..7287300e4e 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_infrastructure.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: infrastructures.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io names: diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml index ada4404256..bd7cdad40d 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_ingress.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: ingresses.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io names: diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml index 958f3b7e24..5b029401b0 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_network.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: networks.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io names: @@ -60,6 +62,7 @@ spec: type: string hostPrefix: description: The size (prefix) of block to allocate to each node. + If this field is not used by the plugin, it can be left unset. type: integer format: int32 minimum: 0 @@ -132,6 +135,7 @@ spec: type: string hostPrefix: description: The size (prefix) of block to allocate to each node. + If this field is not used by the plugin, it can be left unset. type: integer format: int32 minimum: 0 diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml index 73a9984011..35388d9c99 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_oauth.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: oauths.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io names: diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml index a625aa6171..37541aaed4 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_project.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: projects.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io scope: Cluster diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml index 7c1ebc34b0..9652bf1f0a 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_scheduler.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: schedulers.config.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: config.openshift.io scope: Cluster diff --git a/vendor/github.com/openshift/api/config/v1/types_apiserver.go b/vendor/github.com/openshift/api/config/v1/types_apiserver.go index 58dc811db9..42268db39b 100644 --- a/vendor/github.com/openshift/api/config/v1/types_apiserver.go +++ b/vendor/github.com/openshift/api/config/v1/types_apiserver.go @@ -77,12 +77,15 @@ const ( type Audit struct { // profile specifies the name of the desired audit policy configuration to be deployed to - // all OpenShift-provided API servers in the cluster + // all OpenShift-provided API servers in the cluster. + // + // The following profiles are provided: + // - Default: the existing default policy. + // - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for + // write requests (create, update, patch). + // - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response + // HTTP payloads for read requests (get, list). // - // We provide the following profiles - // - Default - // - WriteRequestBodies - // - AllRequestBodies // If unset, the 'Default' profile is used as the default. // +kubebuilder:default=Default Profile AuditProfileType `json:"profile,omitempty"` diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go index 771e962add..58a65228da 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_version.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_version.go @@ -84,7 +84,7 @@ type ClusterVersionStatus struct { // with the information available, which may be an image or a tag. // +kubebuilder:validation:Required // +required - Desired Update `json:"desired"` + Desired Release `json:"desired"` // history contains a list of the most recent versions applied to the cluster. // This value may be empty during cluster startup, and then will be updated @@ -127,7 +127,7 @@ type ClusterVersionStatus struct { // +nullable // +kubebuilder:validation:Required // +required - AvailableUpdates []Update `json:"availableUpdates"` + AvailableUpdates []Release `json:"availableUpdates"` } // UpdateState is a constant representing whether an update was successfully @@ -221,8 +221,7 @@ type ComponentOverride struct { // URL is a thin wrapper around string that ensures the string is a valid URL. type URL string -// Update represents a release of the ClusterVersionOperator, referenced by the -// Image member. +// Update represents an administrator update request. // +k8s:deepcopy-gen=true type Update struct { // version is a semantic versioning identifying the update version. When this @@ -251,6 +250,34 @@ type Update struct { Force bool `json:"force"` } +// Release represents an OpenShift release image and associated metadata. +// +k8s:deepcopy-gen=true +type Release struct { + // version is a semantic versioning identifying the update version. When this + // field is part of spec, version is optional if image is specified. + // +required + Version string `json:"version"` + + // image is a container image location that contains the update. When this + // field is part of spec, image is optional if version is specified and the + // availableUpdates field contains a matching version. + // +required + Image string `json:"image"` + + // url contains information about this release. This URL is set by + // the 'url' metadata property on a release or the metadata returned by + // the update API and should be displayed as a link in user + // interfaces. The URL field may not be set for test or nightly + // releases. + // +optional + URL URL `json:"url,omitempty"` + + // channels is the set of Cincinnati channels to which the release + // currently belongs. + // +optional + Channels []string `json:"channels,omitempty"` +} + // RetrievedUpdates reports whether available updates have been retrieved from // the upstream update server. The condition is Unknown before retrieval, False // if the updates could not be retrieved or recently failed, or True if the diff --git a/vendor/github.com/openshift/api/config/v1/types_network.go b/vendor/github.com/openshift/api/config/v1/types_network.go index 029ac04910..257b54b08d 100644 --- a/vendor/github.com/openshift/api/config/v1/types_network.go +++ b/vendor/github.com/openshift/api/config/v1/types_network.go @@ -84,9 +84,11 @@ type ClusterNetworkEntry struct { // The complete block for pod IPs. CIDR string `json:"cidr"` - // The size (prefix) of block to allocate to each node. + // The size (prefix) of block to allocate to each node. If this + // field is not used by the plugin, it can be left unset. // +kubebuilder:validation:Minimum=0 - HostPrefix uint32 `json:"hostPrefix"` + // +optional + HostPrefix uint32 `json:"hostPrefix,omitempty"` } // ExternalIPConfig specifies some IP blocks relevant for the ExternalIP field diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go index b81e4cc1fd..7542490ef9 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.deepcopy.go @@ -929,7 +929,7 @@ func (in *ClusterVersionSpec) DeepCopy() *ClusterVersionSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterVersionStatus) DeepCopyInto(out *ClusterVersionStatus) { *out = *in - out.Desired = in.Desired + in.Desired.DeepCopyInto(&out.Desired) if in.History != nil { in, out := &in.History, &out.History *out = make([]UpdateHistory, len(*in)) @@ -946,8 +946,10 @@ func (in *ClusterVersionStatus) DeepCopyInto(out *ClusterVersionStatus) { } if in.AvailableUpdates != nil { in, out := &in.AvailableUpdates, &out.AvailableUpdates - *out = make([]Update, len(*in)) - copy(*out, *in) + *out = make([]Release, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } } return } @@ -3256,6 +3258,27 @@ func (in *RegistrySources) DeepCopy() *RegistrySources { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Release) DeepCopyInto(out *Release) { + *out = *in + if in.Channels != nil { + in, out := &in.Channels, &out.Channels + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Release. +func (in *Release) DeepCopy() *Release { + if in == nil { + return nil + } + out := new(Release) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RemoteConnectionInfo) DeepCopyInto(out *RemoteConnectionInfo) { *out = *in diff --git a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go index e1a47303a4..72d3bb2cfd 100644 --- a/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go @@ -293,7 +293,7 @@ func (APIServerSpec) SwaggerDoc() map[string]string { } var map_Audit = map[string]string{ - "profile": "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster\n\nWe provide the following profiles - Default - WriteRequestBodies - AllRequestBodies If unset, the 'Default' profile is used as the default.", + "profile": "profile specifies the name of the desired audit policy configuration to be deployed to all OpenShift-provided API servers in the cluster.\n\nThe following profiles are provided: - Default: the existing default policy. - WriteRequestBodies: like 'Default', but logs request and response HTTP payloads for write requests (create, update, patch). - AllRequestBodies: like 'WriteRequestBodies', but also logs request and response HTTP payloads for read requests (get, list).\n\nIf unset, the 'Default' profile is used as the default.", } func (Audit) SwaggerDoc() map[string]string { @@ -529,8 +529,20 @@ func (ComponentOverride) SwaggerDoc() map[string]string { return map_ComponentOverride } +var map_Release = map[string]string{ + "": "Release represents an OpenShift release image and associated metadata.", + "version": "version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified.", + "image": "image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.", + "url": "url contains information about this release. This URL is set by the 'url' metadata property on a release or the metadata returned by the update API and should be displayed as a link in user interfaces. The URL field may not be set for test or nightly releases.", + "channels": "channels is the set of Cincinnati channels to which the release currently belongs.", +} + +func (Release) SwaggerDoc() map[string]string { + return map_Release +} + var map_Update = map[string]string{ - "": "Update represents a release of the ClusterVersionOperator, referenced by the Image member.", + "": "Update represents an administrator update request.", "version": "version is a semantic versioning identifying the update version. When this field is part of spec, version is optional if image is specified.", "image": "image is a container image location that contains the update. When this field is part of spec, image is optional if version is specified and the availableUpdates field contains a matching version.", "force": "force allows an administrator to update to an image that has failed verification, does not appear in the availableUpdates list, or otherwise would be blocked by normal protections on update. This option should only be used when the authenticity of the provided image has been verified out of band because the provided image will run with full administrative access to the cluster. Do not use this flag with images that comes from unknown or potentially malicious sources.\n\nThis flag does not override other forms of consistency checking that are required before a new update is deployed.", @@ -958,7 +970,7 @@ func (IngressSpec) SwaggerDoc() map[string]string { var map_ClusterNetworkEntry = map[string]string{ "": "ClusterNetworkEntry is a contiguous block of IP addresses from which pod IPs are allocated.", "cidr": "The complete block for pod IPs.", - "hostPrefix": "The size (prefix) of block to allocate to each node.", + "hostPrefix": "The size (prefix) of block to allocate to each node. If this field is not used by the plugin, it can be left unset.", } func (ClusterNetworkEntry) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/go.mod b/vendor/github.com/openshift/api/go.mod index dfd595f5f3..24b746a76f 100644 --- a/vendor/github.com/openshift/api/go.mod +++ b/vendor/github.com/openshift/api/go.mod @@ -4,11 +4,11 @@ go 1.13 require ( github.com/gogo/protobuf v1.3.1 - github.com/openshift/build-machinery-go v0.0.0-20200713135615-1f43d26dccc7 + github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7 github.com/spf13/pflag v1.0.5 - golang.org/x/tools v0.0.0-20200602230032-c00d67ef29d0 - k8s.io/api v0.19.0-rc.2 - k8s.io/apimachinery v0.19.0-rc.2 - k8s.io/code-generator v0.19.0-rc.2 - k8s.io/klog v1.0.0 + golang.org/x/tools v0.0.0-20200616133436-c1934b75d054 + k8s.io/api v0.19.0 + k8s.io/apimachinery v0.19.0 + k8s.io/code-generator v0.19.0 + k8s.io/klog/v2 v2.2.0 ) diff --git a/vendor/github.com/openshift/api/go.sum b/vendor/github.com/openshift/api/go.sum index 485a363e5f..c4f904ce57 100644 --- a/vendor/github.com/openshift/api/go.sum +++ b/vendor/github.com/openshift/api/go.sum @@ -20,7 +20,7 @@ github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/evanphx/json-patch v0.0.0-20190815234213-e83c0a1c26c8/go.mod h1:pmLOTb3x90VhIKxsA9yeQG5yfOkkKnkk1h+Ql8NDYDw= +github.com/evanphx/json-patch v4.9.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.4.9/go.mod h1:znqG4EE+3YCdAaPaxE2ZRY/06pZUdp0tY4IgpuI1SZQ= github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= @@ -104,9 +104,8 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/openshift/build-machinery-go v0.0.0-20200713135615-1f43d26dccc7 h1:iP7TOaN+tEVNUQ0ODEbN1ukjLz918lsIt7Czf8giWlM= -github.com/openshift/build-machinery-go v0.0.0-20200713135615-1f43d26dccc7/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= -github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= +github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7 h1:mOq7Mg1Q9d7nIDxe1SJ6pluMBQsbVxa6olyAGmfYWTg= +github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -119,13 +118,19 @@ github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoH github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0 h1:2E4SXV/wtOkTonXsotYi4li6zVWxYlZuYNCXe9XRJyk= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= +github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8 h1:1wopBVtVdWnn03fZelqdXTqk7U7zPQCb+T4rbU9ZEoU= golang.org/x/crypto v0.0.0-20190611184440-5c40567a22f8/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= +golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= +golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= +golang.org/x/mod v0.3.0 h1:RM4zey1++hCTbCVQfnWeKs9/IEsaBLA8vTkd0WVtmH4= +golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -135,13 +140,17 @@ golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20190827160401-ba9fcec4b297/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= +golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e h1:3G+cUijn7XD+S4eJFddp53Pv7+slrESplyjG25HgL+k= golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A= +golang.org/x/net v0.0.0-20200707034311-ab3426394381 h1:VXak5I6aEWmAXeQjA+QSZzlgNrpq9mjcfDemuexIKsU= +golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= +golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -164,9 +173,11 @@ golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs= golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190614205625-5aca471b1d59/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc= -golang.org/x/tools v0.0.0-20200602230032-c00d67ef29d0 h1:6txNFSnY+tteYoO+hf01EpdYcYZiurdC9MDIrcUzEu4= -golang.org/x/tools v0.0.0-20200602230032-c00d67ef29d0/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= +golang.org/x/tools v0.0.0-20200616133436-c1934b75d054 h1:HHeAlu5H9b71C+Fx0K+1dGgVFN1DM1/wz4aoGOA5qS8= +golang.org/x/tools v0.0.0-20200616133436-c1934b75d054/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= +golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= @@ -203,26 +214,23 @@ gopkg.in/yaml.v2 v2.2.8 h1:obN1ZagJSUGI0Ek/LBmuj4SNLPfIny3KsKFopxRdj10= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.19.0-rc.2 h1:Lq0owhvgpWXmMtz+t2AT/JJpIAPX9X8lK3oE2qslYCU= -k8s.io/api v0.19.0-rc.2/go.mod h1:9nHeM2gbqeaL7yN6UFvOxKzLG5gZ4v+DJ6bpavDetZo= -k8s.io/apimachinery v0.19.0-rc.2 h1:JScnJRuwKHT8RmdrsFMkE4Oi+SVI/QIWFGOOhNZJe/M= -k8s.io/apimachinery v0.19.0-rc.2/go.mod h1:eHbWZVMaaewmYBAUuRYnAmTTMtDhvpPNZuh8/6Yl7v0= -k8s.io/code-generator v0.19.0-rc.2 h1:ZSxniVYeSEv1vry0B2N+yqXAcWTJ4gzmIYadKoPNVFU= -k8s.io/code-generator v0.19.0-rc.2/go.mod h1:uR3gwQvtcOjBrvwXhFF1lw5kq9BOOAfSKl/pZZ1zW3I= +k8s.io/api v0.19.0 h1:XyrFIJqTYZJ2DU7FBE/bSPz7b1HvbVBuBf07oeo6eTc= +k8s.io/api v0.19.0/go.mod h1:I1K45XlvTrDjmj5LoM5LuP/KYrhWbjUKT/SoPG0qTjw= +k8s.io/apimachinery v0.19.0 h1:gjKnAda/HZp5k4xQYjL0K/Yb66IvNqjthCb03QlKpaQ= +k8s.io/apimachinery v0.19.0/go.mod h1:DnPGDnARWFvYa3pMHgSxtbZb7gpzzAZ1pTfaUNDVlmA= +k8s.io/code-generator v0.19.0 h1:r0BxYnttP/r8uyKd4+Njg0B57kKi8wLvwEzaaVy3iZ8= +k8s.io/code-generator v0.19.0/go.mod h1:moqLn7w0t9cMs4+5CQyxnfA/HV8MF6aAVENF+WZZhgk= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14 h1:t4L10Qfx/p7ASH3gXCdIUtPbbIuegCoUJf3TMSFekjw= k8s.io/gengo v0.0.0-20200428234225-8167cfdcfc14/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= -k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= -k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.0.0 h1:Foj74zO6RbjjP4hBEKjnYtjjAhGg4jNynUdYF6fJrok= k8s.io/klog/v2 v2.0.0/go.mod h1:PBfzABfn139FHAV07az/IF9Wp1bkk3vpT2XSJ76fSDE= k8s.io/klog/v2 v2.2.0 h1:XRvcwJozkgZ1UQJmfMGpvRthQHOvihEhYtDfAaxMz/A= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/kube-openapi v0.0.0-20200427153329-656914f816f9 h1:5NC2ITmvg8RoxoH0wgmL4zn4VZqXGsKbxrikjaQx6s4= -k8s.io/kube-openapi v0.0.0-20200427153329-656914f816f9/go.mod h1:bfCVj+qXcEaE5SCvzBaqpOySr6tuCcpPKqF6HD8nyCw= -sigs.k8s.io/structured-merge-diff/v3 v3.0.0-20200116222232-67a7b8c61874/go.mod h1:PlARxl6Hbt/+BC80dRLi1qAmnMqwqDg62YvvVkZjemw= -sigs.k8s.io/structured-merge-diff/v3 v3.0.1-0.20200706213357-43c19bbb7fba h1:AAbnc5KQuTWKuh2QSnyghKIOTFzB0Jayv7/OFDn3Cy4= -sigs.k8s.io/structured-merge-diff/v3 v3.0.1-0.20200706213357-43c19bbb7fba/go.mod h1:V06abazjHneE37ZdSY/UUwPVgcJMKI/jU5XGUjgIKoc= +k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6 h1:+WnxoVtG8TMiudHBSEtrVL1egv36TkkJm+bA8AxicmQ= +k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6/go.mod h1:UuqjUnNftUyPE5H64/qeyjQoUZhGpeFDVdxjTeEVN2o= +sigs.k8s.io/structured-merge-diff/v4 v4.0.1 h1:YXTMot5Qz/X1iBRJhAt+vI+HVttY0WkSqqhKxQ0xVbA= +sigs.k8s.io/structured-merge-diff/v4 v4.0.1/go.mod h1:bJZC9H9iH24zzfZ/41RGcq60oK1F7G282QMXDPYydCw= sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs= sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o= sigs.k8s.io/yaml v1.2.0 h1:kr/MCeFWJWTwyaHoR9c8EjH9OumOmoF9YGiZd7lFm/Q= diff --git a/vendor/github.com/openshift/api/helm/install.go b/vendor/github.com/openshift/api/helm/install.go new file mode 100644 index 0000000000..6c8f51892a --- /dev/null +++ b/vendor/github.com/openshift/api/helm/install.go @@ -0,0 +1,26 @@ +package helm + +import ( + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + + helmv1beta1 "github.com/openshift/api/helm/v1beta1" +) + +const ( + GroupName = "helm.openshift.io" +) + +var ( + schemeBuilder = runtime.NewSchemeBuilder(helmv1beta1.Install) + // Install is a function which adds every version of this group to a scheme + Install = schemeBuilder.AddToScheme +) + +func Resource(resource string) schema.GroupResource { + return schema.GroupResource{Group: GroupName, Resource: resource} +} + +func Kind(kind string) schema.GroupKind { + return schema.GroupKind{Group: GroupName, Kind: kind} +} diff --git a/vendor/github.com/openshift/api/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml b/vendor/github.com/openshift/api/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml new file mode 100644 index 0000000000..75af27ec29 --- /dev/null +++ b/vendor/github.com/openshift/api/helm/v1beta1/0000_10-helm-chart-repository.crd.yaml @@ -0,0 +1,169 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: helmchartrepositories.helm.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" +spec: + scope: Cluster + preserveUnknownFields: false + group: helm.openshift.io + names: + kind: HelmChartRepository + listKind: HelmChartRepositoryList + plural: helmchartrepositories + singular: helmchartrepository + versions: + - name: v1beta1 + served: true + storage: true + subresources: + status: {} + "validation": + "openAPIV3Schema": + description: HelmChartRepository holds cluster-wide configuration for proxied + Helm chart repository + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + connectionConfig: + description: Required configuration for connecting to the chart repo + type: object + properties: + ca: + description: ca is an optional reference to a config map by name + containing the PEM-encoded CA bundle. It is used as a trust anchor + to validate the TLS certificate presented by the remote server. + The key "ca-bundle.crt" is used to locate the data. If empty, + the default system roots are used. The namespace for this config + map is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + tlsClientConfig: + description: tlsClientConfig is an optional reference to a secret + by name that contains the PEM-encoded TLS client certificate and + private key to present when connecting to the server. The key + "tls.crt" is used to locate the client certificate. The key "tls.key" + is used to locate the private key. The namespace for this secret + is openshift-config. + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + url: + description: Chart repository URL + type: string + maxLength: 2048 + pattern: ^https?:\/\/ + description: + description: Optional human readable repository description, it can + be used by UI for displaying purposes + type: string + maxLength: 2048 + minLength: 1 + name: + description: Optional associated human readable repository name, it + can be used by UI for displaying purposes + type: string + maxLength: 100 + minLength: 1 + status: + description: Observed status of the repository within the cluster.. + type: object + properties: + conditions: + description: conditions is a list of conditions and their statuses + type: array + items: + description: "Condition contains details for one aspect of the current + state of this API Resource. --- This struct is intended for direct + use as an array at the field path .status.conditions. For example, + type FooStatus struct{ // Represents the observations of a foo's + current state. // Known .status.conditions.type are: \"Available\", + \"Progressing\", and \"Degraded\" // +patchMergeKey=type // + +patchStrategy=merge // +listType=map // +listMapKey=type + \ Conditions []metav1.Condition `json:\"conditions,omitempty\" + patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` + \n // other fields }" + type: object + required: + - lastTransitionTime + - message + - reason + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the last time the condition + transitioned from one status to another. This should be when + the underlying condition changed. If that is not known, then + using the time when the API field changed is acceptable. + type: string + format: date-time + message: + description: message is a human readable message indicating details + about the transition. This may be an empty string. + type: string + maxLength: 32768 + observedGeneration: + description: observedGeneration represents the .metadata.generation + that the condition was set based upon. For instance, if .metadata.generation + is currently 12, but the .status.conditions[x].observedGeneration + is 9, the condition is out of date with respect to the current + state of the instance. + type: integer + format: int64 + minimum: 0 + reason: + description: reason contains a programmatic identifier indicating + the reason for the condition's last transition. Producers of + specific condition types may define expected values and meanings + for this field, and whether the values are considered a guaranteed + API. The value should be a CamelCase string. This field may + not be empty. + type: string + maxLength: 1024 + minLength: 1 + pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ + status: + description: status of the condition, one of True, False, Unknown. + type: string + enum: + - "True" + - "False" + - Unknown + type: + description: type of condition in CamelCase or in foo.example.com/CamelCase. + --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + type: string + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ diff --git a/vendor/github.com/openshift/api/helm/v1beta1/doc.go b/vendor/github.com/openshift/api/helm/v1beta1/doc.go new file mode 100644 index 0000000000..8a45cd1c81 --- /dev/null +++ b/vendor/github.com/openshift/api/helm/v1beta1/doc.go @@ -0,0 +1,8 @@ +// +k8s:deepcopy-gen=package,register +// +k8s:defaulter-gen=TypeMeta +// +k8s:openapi-gen=true + +// +kubebuilder:validation:Optional +// +groupName=helm.openshift.io +// Package v1 is the v1 version of the API. +package v1beta1 diff --git a/vendor/github.com/openshift/api/helm/v1beta1/register.go b/vendor/github.com/openshift/api/helm/v1beta1/register.go new file mode 100644 index 0000000000..890474569a --- /dev/null +++ b/vendor/github.com/openshift/api/helm/v1beta1/register.go @@ -0,0 +1,38 @@ +package v1beta1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +var ( + GroupName = "helm.openshift.io" + GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1beta1"} + schemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + // Install is a function which adds this version to a scheme + Install = schemeBuilder.AddToScheme + + // SchemeGroupVersion generated code relies on this name + // Deprecated + SchemeGroupVersion = GroupVersion + // AddToScheme exists solely to keep the old generators creating valid code + // DEPRECATED + AddToScheme = schemeBuilder.AddToScheme +) + +// Resource generated code relies on this being here, but it logically belongs to the group +// DEPRECATED +func Resource(resource string) schema.GroupResource { + return schema.GroupResource{Group: GroupName, Resource: resource} +} + +// Adds the list of known types to api.Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(GroupVersion, + &HelmChartRepository{}, + &HelmChartRepositoryList{}, + ) + metav1.AddToGroupVersion(scheme, GroupVersion) + return nil +} diff --git a/vendor/github.com/openshift/api/helm/v1beta1/types_helm.go b/vendor/github.com/openshift/api/helm/v1beta1/types_helm.go new file mode 100644 index 0000000000..33613f65cf --- /dev/null +++ b/vendor/github.com/openshift/api/helm/v1beta1/types_helm.go @@ -0,0 +1,84 @@ +package v1beta1 + +import ( + configv1 "github.com/openshift/api/config/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:plural=helmchartrepositories + +// HelmChartRepository holds cluster-wide configuration for proxied Helm chart repository +type HelmChartRepository struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec holds user settable values for configuration + // +kubebuilder:validation:Required + // +required + Spec HelmChartRepositorySpec `json:"spec"` + + // Observed status of the repository within the cluster.. + // +optional + Status HelmChartRepositoryStatus `json:"status"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +type HelmChartRepositoryList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []HelmChartRepository `json:"items"` +} + +// Helm chart repository exposed within the cluster +type HelmChartRepositorySpec struct { + + // Optional associated human readable repository name, it can be used by UI for displaying purposes + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=100 + // +optional + DisplayName string `json:"name,omitempty"` + + // Optional human readable repository description, it can be used by UI for displaying purposes + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=2048 + // +optional + Description string `json:"description,omitempty"` + + // Required configuration for connecting to the chart repo + ConnectionConfig ConnectionConfig `json:"connectionConfig"` +} + +type ConnectionConfig struct { + + // Chart repository URL + // +kubebuilder:validation:Pattern=`^https?:\/\/` + // +kubebuilder:validation:MaxLength=2048 + URL string `json:"url"` + + // ca is an optional reference to a config map by name containing the PEM-encoded CA bundle. + // It is used as a trust anchor to validate the TLS certificate presented by the remote server. + // The key "ca-bundle.crt" is used to locate the data. + // If empty, the default system roots are used. + // The namespace for this config map is openshift-config. + // +optional + CA configv1.ConfigMapNameReference `json:"ca,omitempty"` + + // tlsClientConfig is an optional reference to a secret by name that contains the + // PEM-encoded TLS client certificate and private key to present when connecting to the server. + // The key "tls.crt" is used to locate the client certificate. + // The key "tls.key" is used to locate the private key. + // The namespace for this secret is openshift-config. + // +optional + TLSClientConfig configv1.SecretNameReference `json:"tlsClientConfig,omitempty"` +} + +type HelmChartRepositoryStatus struct { + + // conditions is a list of conditions and their statuses + // +optional + Conditions []metav1.Condition `json:"conditions,omitempty"` +} diff --git a/vendor/github.com/openshift/api/helm/v1beta1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/helm/v1beta1/zz_generated.deepcopy.go new file mode 100644 index 0000000000..bf7df6c8fc --- /dev/null +++ b/vendor/github.com/openshift/api/helm/v1beta1/zz_generated.deepcopy.go @@ -0,0 +1,129 @@ +// +build !ignore_autogenerated + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1beta1 + +import ( + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConnectionConfig) DeepCopyInto(out *ConnectionConfig) { + *out = *in + out.CA = in.CA + out.TLSClientConfig = in.TLSClientConfig + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionConfig. +func (in *ConnectionConfig) DeepCopy() *ConnectionConfig { + if in == nil { + return nil + } + out := new(ConnectionConfig) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmChartRepository) DeepCopyInto(out *HelmChartRepository) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartRepository. +func (in *HelmChartRepository) DeepCopy() *HelmChartRepository { + if in == nil { + return nil + } + out := new(HelmChartRepository) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *HelmChartRepository) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmChartRepositoryList) DeepCopyInto(out *HelmChartRepositoryList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]HelmChartRepository, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartRepositoryList. +func (in *HelmChartRepositoryList) DeepCopy() *HelmChartRepositoryList { + if in == nil { + return nil + } + out := new(HelmChartRepositoryList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *HelmChartRepositoryList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmChartRepositorySpec) DeepCopyInto(out *HelmChartRepositorySpec) { + *out = *in + out.ConnectionConfig = in.ConnectionConfig + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartRepositorySpec. +func (in *HelmChartRepositorySpec) DeepCopy() *HelmChartRepositorySpec { + if in == nil { + return nil + } + out := new(HelmChartRepositorySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HelmChartRepositoryStatus) DeepCopyInto(out *HelmChartRepositoryStatus) { + *out = *in + if in.Conditions != nil { + in, out := &in.Conditions, &out.Conditions + *out = make([]v1.Condition, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HelmChartRepositoryStatus. +func (in *HelmChartRepositoryStatus) DeepCopy() *HelmChartRepositoryStatus { + if in == nil { + return nil + } + out := new(HelmChartRepositoryStatus) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml b/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml index 5e578c10a0..d67d798fea 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml +++ b/vendor/github.com/openshift/api/imageregistry/v1/00-crd.yaml @@ -1,1214 +1,1291 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: configs.imageregistry.operator.openshift.io spec: group: imageregistry.operator.openshift.io scope: Cluster - version: v1 - names: - kind: Config - listKind: ConfigList - plural: configs - singular: config - preserveUnknownFields: false - subresources: - status: {} - validation: - openAPIV3Schema: - description: Config is the configuration object for a registry instance managed - by the registry operator - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImageRegistrySpec defines the specs for the running registry. - type: object - required: - - logging - - managementState - - replicas - properties: - affinity: - description: affinity is a group of node affinity scheduling rules for - the image registry pod(s). - type: object - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - type: array - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - type: object - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - type: array - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - type: array - items: + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + "schema": + "openAPIV3Schema": + description: Config is the configuration object for a registry instance managed + by the registry operator + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImageRegistrySpec defines the specs for the running registry. + type: object + required: + - logging + - managementState + - replicas + properties: + affinity: + description: affinity is a group of node affinity scheduling rules + for the image registry pod(s). + type: object + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + type: array + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + type: object + required: + - preference + - weight + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + type: object + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + type: array + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: The label key that the selector + applies to. type: string - matchFields: - description: A list of node selector requirements - by node's fields. - type: array - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - type: array - items: + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - type: array - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - type: array - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - type: array - items: + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + type: array + items: + type: string + matchFields: + description: A list of node selector requirements + by node's fields. + type: array + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: The label key that the selector + applies to. type: string - matchFields: - description: A list of node selector requirements - by node's fields. - type: array - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - type: array - items: + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + type: array + items: + type: string + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: integer + format: int32 + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. type: object required: - - podAffinityTerm - - weight + - nodeSelectorTerms properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + type: array + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + type: object + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + type: array + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + type: array + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. + matchFields: + description: A list of node selector requirements + by node's fields. + type: array + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in - this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + required: + - key + - operator + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + type: array + items: + type: string + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + type: array + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + type: object + required: + - podAffinityTerm + - weight + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. type: object - required: - - key - - operator properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. type: array items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + additionalProperties: type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - additionalProperties: + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some other - pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: integer + format: int32 + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + type: array + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. + required: + - key + - operator + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + additionalProperties: + type: string + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + type: array + items: type: string - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in - this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + type: array + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + type: object + required: + - podAffinityTerm + - weight + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. type: object - required: - - key - - operator properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. type: array items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + additionalProperties: type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - additionalProperties: + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - defaultRoute: - description: defaultRoute indicates whether an external facing route - for the registry should be created using the default generated hostname. - type: boolean - disableRedirect: - description: disableRedirect controls whether to route all data through - the Registry, rather than redirecting to the backend. - type: boolean - httpSecret: - description: httpSecret is the value needed by the registry to secure - uploads, generated by default. - type: string - logging: - description: logging determines the level of logging enabled in the - registry. - type: integer - format: int64 - managementState: - description: managementState indicates whether the registry instance - represented by this config instance is under operator management or - not. Valid values are Managed, Unmanaged, and Removed. - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - nodeSelector: - description: nodeSelector defines the node selection constraints for - the registry pod. - type: object - additionalProperties: - type: string - proxy: - description: proxy defines the proxy to be used when calling master - api, upstream registries, etc. - type: object - properties: - http: - description: http defines the proxy to be used by the image registry - when accessing HTTP endpoints. - type: string - https: - description: https defines the proxy to be used by the image registry - when accessing HTTPS endpoints. - type: string - noProxy: - description: noProxy defines a comma-separated list of host names - that shouldn't go through any proxy. - type: string - readOnly: - description: readOnly indicates whether the registry instance should - reject attempts to push new images or delete existing ones. - type: boolean - replicas: - description: replicas determines the number of registry instances to - run. - type: integer - format: int32 - requests: - description: requests controls how many parallel requests a given registry - instance will handle before queuing additional requests. - type: object - properties: - read: - description: read defines limits for image registry's reads. - type: object - properties: - maxInQueue: - description: maxInQueue sets the maximum queued api requests - to the registry. - type: integer - maxRunning: - description: maxRunning sets the maximum in flight api requests - to the registry. - type: integer - maxWaitInQueue: - description: maxWaitInQueue sets the maximum time a request - can wait in the queue before being rejected. - type: string - format: duration - write: - description: write defines limits for image registry's writes. - type: object - properties: - maxInQueue: - description: maxInQueue sets the maximum queued api requests - to the registry. - type: integer - maxRunning: - description: maxRunning sets the maximum in flight api requests - to the registry. - type: integer - maxWaitInQueue: - description: maxWaitInQueue sets the maximum time a request - can wait in the queue before being rejected. - type: string - format: duration - resources: - description: resources defines the resource requests+limits for the - registry pod. - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - type: string - requests: - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - type: string - rolloutStrategy: - description: rolloutStrategy defines rollout strategy for the image - registry deployment. - type: string - pattern: ^(RollingUpdate|Recreate)$ - routes: - description: routes defines additional external facing routes which - should be created for the registry. - type: array - items: - description: ImageRegistryConfigRoute holds information on external - route access to image registry. - type: object - required: - - name - properties: - hostname: - description: hostname for the route. - type: string - name: - description: name of the route to be created. - type: string - secretName: - description: secretName points to secret containing the certificates - to be used by the route. - type: string - storage: - description: storage details for configuring registry storage, e.g. - S3 bucket coordinates. - type: object - properties: - azure: - description: azure represents configuration that uses Azure Blob - Storage. - type: object - properties: - accountName: - description: accountName defines the account to be used by the - registry. - type: string - cloudName: - description: cloudName is the name of the Azure cloud environment - to be used by the registry. If empty, the operator will set - it based on the infrastructure object. - type: string - container: - description: container defines Azure's container to be used - by registry. - type: string - maxLength: 63 - minLength: 3 - pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ - emptyDir: - description: 'emptyDir represents ephemeral storage on the pod''s - host node. WARNING: this storage cannot be used with more than - 1 replica and is not suitable for production use. When the pod - is removed from a node for any reason, the data in the emptyDir - is deleted forever.' - type: object - gcs: - description: gcs represents configuration that uses Google Cloud - Storage. - type: object - properties: - bucket: - description: bucket is the bucket name in which you want to - store the registry's data. Optional, will be generated if - not provided. - type: string - keyID: - description: keyID is the KMS key ID to use for encryption. - Optional, buckets are encrypted by default on GCP. This allows - for the use of a custom encryption key. - type: string - projectID: - description: projectID is the Project ID of the GCP project - that this bucket should be associated with. - type: string - region: - description: region is the GCS location in which your bucket - exists. Optional, will be set based on the installed GCS Region. - type: string - pvc: - description: pvc represents configuration that uses a PersistentVolumeClaim. - type: object - properties: - claim: - description: claim defines the Persisent Volume Claim's name - to be used. - type: string - s3: - description: s3 represents configuration that uses Amazon Simple - Storage Service. - type: object - properties: - bucket: - description: bucket is the bucket name in which you want to - store the registry's data. Optional, will be generated if - not provided. - type: string - cloudFront: - description: cloudFront configures Amazon Cloudfront as the - storage middleware in a registry. - type: object - required: - - baseURL - - keypairID - - privateKey - properties: - baseURL: - description: baseURL contains the SCHEME://HOST[/PATH] at - which Cloudfront is served. - type: string - duration: - description: duration is the duration of the Cloudfront - session. - type: string - format: duration - keypairID: - description: keypairID is key pair ID provided by AWS. - type: string - privateKey: - description: privateKey points to secret containing the - private key, provided by AWS. + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: integer + format: int32 + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + type: array + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running type: object required: - - key + - topologyKey properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' + labelSelector: + description: A label query over a set of resources, + in this case pods. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + additionalProperties: + type: string + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - encrypt: - description: encrypt specifies whether the registry stores the - image in encrypted format or not. Optional, defaults to false. - type: boolean - keyID: - description: keyID is the KMS key ID to use for encryption. - Optional, Encrypt must be true, or this parameter is ignored. - type: string - region: - description: region is the AWS region in which your bucket exists. - Optional, will be set based on the installed AWS Region. - type: string - regionEndpoint: - description: regionEndpoint is the endpoint for S3 compatible - storage services. Optional, defaults based on the Region that - is provided. - type: string - virtualHostedStyle: - description: virtualHostedStyle enables using S3 virtual hosted - style bucket paths with a custom RegionEndpoint Optional, - defaults to false. - type: boolean - swift: - description: swift represents configuration that uses OpenStack - Object Storage. - type: object - properties: - authURL: - description: authURL defines the URL for obtaining an authentication - token. - type: string - authVersion: - description: authVersion specifies the OpenStack Auth's version. - type: string - container: - description: container defines the name of Swift container where - to store the registry's data. - type: string - domain: - description: domain specifies Openstack's domain name for Identity - v3 API. - type: string - domainID: - description: domainID specifies Openstack's domain id for Identity - v3 API. - type: string - regionName: - description: regionName defines Openstack's region in which - container exists. - type: string - tenant: - description: tenant defines Openstack tenant name to be used - by registry. - type: string - tenantID: - description: tenant defines Openstack tenant id to be used by - registry. - type: string - tolerations: - description: tolerations defines the tolerations for the registry pod. - type: array - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . + defaultRoute: + description: defaultRoute indicates whether an external facing route + for the registry should be created using the default generated hostname. + type: boolean + disableRedirect: + description: disableRedirect controls whether to route all data through + the Registry, rather than redirecting to the backend. + type: boolean + httpSecret: + description: httpSecret is the value needed by the registry to secure + uploads, generated by default. + type: string + logLevel: + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + logging: + description: logging is deprecated, use logLevel instead. + type: integer + format: int64 + managementState: + description: managementState indicates whether and how the operator + should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + nodeSelector: + description: nodeSelector defines the node selection constraints for + the registry pod. + type: object + additionalProperties: + type: string + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + proxy: + description: proxy defines the proxy to be used when calling master + api, upstream registries, etc. type: object properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. + http: + description: http defines the proxy to be used by the image registry + when accessing HTTP endpoints. type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. + https: + description: https defines the proxy to be used by the image registry + when accessing HTTPS endpoints. type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. + noProxy: + description: noProxy defines a comma-separated list of host names + that shouldn't go through any proxy. type: string - status: - description: ImageRegistryStatus reports image registry operational status. - type: object - required: - - storage - - storageManaged - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + readOnly: + description: readOnly indicates whether the registry instance should + reject attempts to push new images or delete existing ones. + type: boolean + replicas: + description: replicas determines the number of registry instances + to run. + type: integer + format: int32 + requests: + description: requests controls how many parallel requests a given + registry instance will handle before queuing additional requests. type: object properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. + read: + description: read defines limits for image registry's reads. + type: object + properties: + maxInQueue: + description: maxInQueue sets the maximum queued api requests + to the registry. + type: integer + maxRunning: + description: maxRunning sets the maximum in flight api requests + to the registry. + type: integer + maxWaitInQueue: + description: maxWaitInQueue sets the maximum time a request + can wait in the queue before being rejected. + type: string + format: duration + write: + description: write defines limits for image registry's writes. + type: object + properties: + maxInQueue: + description: maxInQueue sets the maximum queued api requests + to the registry. + type: integer + maxRunning: + description: maxRunning sets the maximum in flight api requests + to the registry. + type: integer + maxWaitInQueue: + description: maxWaitInQueue sets the maximum time a request + can wait in the queue before being rejected. + type: string + format: duration + resources: + description: resources defines the resource requests+limits for the + registry pod. type: object properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - storage: - description: storage indicates the current applied storage configuration - of the registry. - type: object - properties: - azure: - description: azure represents configuration that uses Azure Blob - Storage. + limits: + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + rolloutStrategy: + description: rolloutStrategy defines rollout strategy for the image + registry deployment. + type: string + pattern: ^(RollingUpdate|Recreate)$ + routes: + description: routes defines additional external facing routes which + should be created for the registry. + type: array + items: + description: ImageRegistryConfigRoute holds information on external + route access to image registry. type: object + required: + - name properties: - accountName: - description: accountName defines the account to be used by the - registry. + hostname: + description: hostname for the route. type: string - cloudName: - description: cloudName is the name of the Azure cloud environment - to be used by the registry. If empty, the operator will set - it based on the infrastructure object. + name: + description: name of the route to be created. type: string - container: - description: container defines Azure's container to be used - by registry. + secretName: + description: secretName points to secret containing the certificates + to be used by the route. type: string - maxLength: 63 - minLength: 3 - pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ - emptyDir: - description: 'emptyDir represents ephemeral storage on the pod''s - host node. WARNING: this storage cannot be used with more than - 1 replica and is not suitable for production use. When the pod - is removed from a node for any reason, the data in the emptyDir - is deleted forever.' - type: object - gcs: - description: gcs represents configuration that uses Google Cloud - Storage. + storage: + description: storage details for configuring registry storage, e.g. + S3 bucket coordinates. + type: object + properties: + azure: + description: azure represents configuration that uses Azure Blob + Storage. + type: object + properties: + accountName: + description: accountName defines the account to be used by + the registry. + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment + to be used by the registry. If empty, the operator will + set it based on the infrastructure object. + type: string + container: + description: container defines Azure's container to be used + by registry. + type: string + maxLength: 63 + minLength: 3 + pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ + emptyDir: + description: 'emptyDir represents ephemeral storage on the pod''s + host node. WARNING: this storage cannot be used with more than + 1 replica and is not suitable for production use. When the pod + is removed from a node for any reason, the data in the emptyDir + is deleted forever.' + type: object + gcs: + description: gcs represents configuration that uses Google Cloud + Storage. + type: object + properties: + bucket: + description: bucket is the bucket name in which you want to + store the registry's data. Optional, will be generated if + not provided. + type: string + keyID: + description: keyID is the KMS key ID to use for encryption. + Optional, buckets are encrypted by default on GCP. This + allows for the use of a custom encryption key. + type: string + projectID: + description: projectID is the Project ID of the GCP project + that this bucket should be associated with. + type: string + region: + description: region is the GCS location in which your bucket + exists. Optional, will be set based on the installed GCS + Region. + type: string + managementState: + description: managementState indicates if the operator manages + the underlying storage unit. If Managed the operator will remove + the storage when this operator gets Removed. + type: string + pattern: ^(Managed|Unmanaged)$ + pvc: + description: pvc represents configuration that uses a PersistentVolumeClaim. + type: object + properties: + claim: + description: claim defines the Persisent Volume Claim's name + to be used. + type: string + s3: + description: s3 represents configuration that uses Amazon Simple + Storage Service. + type: object + properties: + bucket: + description: bucket is the bucket name in which you want to + store the registry's data. Optional, will be generated if + not provided. + type: string + cloudFront: + description: cloudFront configures Amazon Cloudfront as the + storage middleware in a registry. + type: object + required: + - baseURL + - keypairID + - privateKey + properties: + baseURL: + description: baseURL contains the SCHEME://HOST[/PATH] + at which Cloudfront is served. + type: string + duration: + description: duration is the duration of the Cloudfront + session. + type: string + format: duration + keypairID: + description: keypairID is key pair ID provided by AWS. + type: string + privateKey: + description: privateKey points to secret containing the + private key, provided by AWS. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + encrypt: + description: encrypt specifies whether the registry stores + the image in encrypted format or not. Optional, defaults + to false. + type: boolean + keyID: + description: keyID is the KMS key ID to use for encryption. + Optional, Encrypt must be true, or this parameter is ignored. + type: string + region: + description: region is the AWS region in which your bucket + exists. Optional, will be set based on the installed AWS + Region. + type: string + regionEndpoint: + description: regionEndpoint is the endpoint for S3 compatible + storage services. Optional, defaults based on the Region + that is provided. + type: string + virtualHostedStyle: + description: virtualHostedStyle enables using S3 virtual hosted + style bucket paths with a custom RegionEndpoint Optional, + defaults to false. + type: boolean + swift: + description: swift represents configuration that uses OpenStack + Object Storage. + type: object + properties: + authURL: + description: authURL defines the URL for obtaining an authentication + token. + type: string + authVersion: + description: authVersion specifies the OpenStack Auth's version. + type: string + container: + description: container defines the name of Swift container + where to store the registry's data. + type: string + domain: + description: domain specifies Openstack's domain name for + Identity v3 API. + type: string + domainID: + description: domainID specifies Openstack's domain id for + Identity v3 API. + type: string + regionName: + description: regionName defines Openstack's region in which + container exists. + type: string + tenant: + description: tenant defines Openstack tenant name to be used + by registry. + type: string + tenantID: + description: tenant defines Openstack tenant id to be used + by registry. + type: string + tolerations: + description: tolerations defines the tolerations for the registry + pod. + type: array + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . type: object properties: - bucket: - description: bucket is the bucket name in which you want to - store the registry's data. Optional, will be generated if - not provided. + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. type: string - keyID: - description: keyID is the KMS key ID to use for encryption. - Optional, buckets are encrypted by default on GCP. This allows - for the use of a custom encryption key. + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. type: string - projectID: - description: projectID is the Project ID of the GCP project - that this bucket should be associated with. + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. type: string - region: - description: region is the GCS location in which your bucket - exists. Optional, will be set based on the installed GCS Region. + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + type: integer + format: int64 + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. type: string - pvc: - description: pvc represents configuration that uses a PersistentVolumeClaim. + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: ImageRegistryStatus reports image registry operational status. + type: object + required: + - storage + - storageManaged + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. type: object properties: - claim: - description: claim defines the Persisent Volume Claim's name - to be used. + lastTransitionTime: type: string - s3: - description: s3 represents configuration that uses Amazon Simple - Storage Service. - type: object - properties: - bucket: - description: bucket is the bucket name in which you want to - store the registry's data. Optional, will be generated if - not provided. + format: date-time + message: type: string - cloudFront: - description: cloudFront configures Amazon Cloudfront as the - storage middleware in a registry. - type: object - required: - - baseURL - - keypairID - - privateKey - properties: - baseURL: - description: baseURL contains the SCHEME://HOST[/PATH] at - which Cloudfront is served. - type: string - duration: - description: duration is the duration of the Cloudfront - session. - type: string - format: duration - keypairID: - description: keypairID is key pair ID provided by AWS. - type: string - privateKey: - description: privateKey points to secret containing the - private key, provided by AWS. - type: object - required: - - key - properties: - key: - description: The key of the secret to select from. Must - be a valid secret key. - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - optional: - description: Specify whether the Secret or its key must - be defined - type: boolean - encrypt: - description: encrypt specifies whether the registry stores the - image in encrypted format or not. Optional, defaults to false. - type: boolean - keyID: - description: keyID is the KMS key ID to use for encryption. - Optional, Encrypt must be true, or this parameter is ignored. + reason: type: string - region: - description: region is the AWS region in which your bucket exists. - Optional, will be set based on the installed AWS Region. + status: type: string - regionEndpoint: - description: regionEndpoint is the endpoint for S3 compatible - storage services. Optional, defaults based on the Region that - is provided. + type: type: string - virtualHostedStyle: - description: virtualHostedStyle enables using S3 virtual hosted - style bucket paths with a custom RegionEndpoint Optional, - defaults to false. - type: boolean - swift: - description: swift represents configuration that uses OpenStack - Object Storage. + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. type: object properties: - authURL: - description: authURL defines the URL for obtaining an authentication - token. - type: string - authVersion: - description: authVersion specifies the OpenStack Auth's version. - type: string - container: - description: container defines the name of Swift container where - to store the registry's data. - type: string - domain: - description: domain specifies Openstack's domain name for Identity - v3 API. + group: + description: group is the group of the thing you're tracking type: string - domainID: - description: domainID specifies Openstack's domain id for Identity - v3 API. + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps type: string - regionName: - description: regionName defines Openstack's region in which - container exists. + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking type: string - tenant: - description: tenant defines Openstack tenant name to be used - by registry. + namespace: + description: namespace is where the thing you're tracking is type: string - tenantID: - description: tenant defines Openstack tenant id to be used by - registry. + resource: + description: resource is the resource type of the thing you're + tracking type: string - storageManaged: - description: storageManaged is a boolean which denotes whether or not - we created the registry storage medium (such as an S3 bucket). - type: boolean - version: - description: version is the level this availability applies to - type: string + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + type: integer + format: int32 + storage: + description: storage indicates the current applied storage configuration + of the registry. + type: object + properties: + azure: + description: azure represents configuration that uses Azure Blob + Storage. + type: object + properties: + accountName: + description: accountName defines the account to be used by + the registry. + type: string + cloudName: + description: cloudName is the name of the Azure cloud environment + to be used by the registry. If empty, the operator will + set it based on the infrastructure object. + type: string + container: + description: container defines Azure's container to be used + by registry. + type: string + maxLength: 63 + minLength: 3 + pattern: ^[0-9a-z]+(-[0-9a-z]+)*$ + emptyDir: + description: 'emptyDir represents ephemeral storage on the pod''s + host node. WARNING: this storage cannot be used with more than + 1 replica and is not suitable for production use. When the pod + is removed from a node for any reason, the data in the emptyDir + is deleted forever.' + type: object + gcs: + description: gcs represents configuration that uses Google Cloud + Storage. + type: object + properties: + bucket: + description: bucket is the bucket name in which you want to + store the registry's data. Optional, will be generated if + not provided. + type: string + keyID: + description: keyID is the KMS key ID to use for encryption. + Optional, buckets are encrypted by default on GCP. This + allows for the use of a custom encryption key. + type: string + projectID: + description: projectID is the Project ID of the GCP project + that this bucket should be associated with. + type: string + region: + description: region is the GCS location in which your bucket + exists. Optional, will be set based on the installed GCS + Region. + type: string + managementState: + description: managementState indicates if the operator manages + the underlying storage unit. If Managed the operator will remove + the storage when this operator gets Removed. + type: string + pattern: ^(Managed|Unmanaged)$ + pvc: + description: pvc represents configuration that uses a PersistentVolumeClaim. + type: object + properties: + claim: + description: claim defines the Persisent Volume Claim's name + to be used. + type: string + s3: + description: s3 represents configuration that uses Amazon Simple + Storage Service. + type: object + properties: + bucket: + description: bucket is the bucket name in which you want to + store the registry's data. Optional, will be generated if + not provided. + type: string + cloudFront: + description: cloudFront configures Amazon Cloudfront as the + storage middleware in a registry. + type: object + required: + - baseURL + - keypairID + - privateKey + properties: + baseURL: + description: baseURL contains the SCHEME://HOST[/PATH] + at which Cloudfront is served. + type: string + duration: + description: duration is the duration of the Cloudfront + session. + type: string + format: duration + keypairID: + description: keypairID is key pair ID provided by AWS. + type: string + privateKey: + description: privateKey points to secret containing the + private key, provided by AWS. + type: object + required: + - key + properties: + key: + description: The key of the secret to select from. Must + be a valid secret key. + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, + uid?' + type: string + optional: + description: Specify whether the Secret or its key + must be defined + type: boolean + encrypt: + description: encrypt specifies whether the registry stores + the image in encrypted format or not. Optional, defaults + to false. + type: boolean + keyID: + description: keyID is the KMS key ID to use for encryption. + Optional, Encrypt must be true, or this parameter is ignored. + type: string + region: + description: region is the AWS region in which your bucket + exists. Optional, will be set based on the installed AWS + Region. + type: string + regionEndpoint: + description: regionEndpoint is the endpoint for S3 compatible + storage services. Optional, defaults based on the Region + that is provided. + type: string + virtualHostedStyle: + description: virtualHostedStyle enables using S3 virtual hosted + style bucket paths with a custom RegionEndpoint Optional, + defaults to false. + type: boolean + swift: + description: swift represents configuration that uses OpenStack + Object Storage. + type: object + properties: + authURL: + description: authURL defines the URL for obtaining an authentication + token. + type: string + authVersion: + description: authVersion specifies the OpenStack Auth's version. + type: string + container: + description: container defines the name of Swift container + where to store the registry's data. + type: string + domain: + description: domain specifies Openstack's domain name for + Identity v3 API. + type: string + domainID: + description: domainID specifies Openstack's domain id for + Identity v3 API. + type: string + regionName: + description: regionName defines Openstack's region in which + container exists. + type: string + tenant: + description: tenant defines Openstack tenant name to be used + by registry. + type: string + tenantID: + description: tenant defines Openstack tenant id to be used + by registry. + type: string + storageManaged: + description: storageManaged is deprecated, please refer to Storage.managementState + type: boolean + version: + description: version is the level this availability applies to + type: string + names: + kind: Config + listKind: ConfigList + plural: configs + singular: config diff --git a/vendor/github.com/openshift/api/imageregistry/v1/01-crd.yaml b/vendor/github.com/openshift/api/imageregistry/v1/01-crd.yaml index 8cf042d362..a1f7cce99e 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/01-crd.yaml +++ b/vendor/github.com/openshift/api/imageregistry/v1/01-crd.yaml @@ -1,744 +1,778 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: imagepruners.imageregistry.operator.openshift.io spec: group: imageregistry.operator.openshift.io scope: Cluster - version: v1 - preserveUnknownFields: false - subresources: - status: {} - names: - kind: ImagePruner - listKind: ImagePrunerList - plural: imagepruners - singular: imagepruner - "validation": - "openAPIV3Schema": - description: ImagePruner is the configuration object for an image registry pruner - managed by the registry operator. - type: object - required: - - metadata - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ImagePrunerSpec defines the specs for the running image pruner. - type: object - properties: - affinity: - description: affinity is a group of node affinity scheduling rules for - the image pruner pod. - type: object - properties: - nodeAffinity: - description: Describes node affinity scheduling rules for the pod. - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node matches the corresponding matchExpressions; the - node(s) with the highest sum are the most preferred. - type: array - items: - description: An empty preferred scheduling term matches all - objects with implicit weight 0 (i.e. it's a no-op). A null - preferred scheduling term matches no objects (i.e. is also - a no-op). - type: object - required: - - preference - - weight - properties: - preference: - description: A node selector term, associated with the - corresponding weight. - type: object - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - type: array - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - type: array - items: + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + "schema": + "openAPIV3Schema": + description: ImagePruner is the configuration object for an image registry + pruner managed by the registry operator. + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ImagePrunerSpec defines the specs for the running image pruner. + type: object + properties: + affinity: + description: affinity is a group of node affinity scheduling rules + for the image pruner pod. + type: object + properties: + nodeAffinity: + description: Describes node affinity scheduling rules for the + pod. + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node matches + the corresponding matchExpressions; the node(s) with the + highest sum are the most preferred. + type: array + items: + description: An empty preferred scheduling term matches + all objects with implicit weight 0 (i.e. it's a no-op). + A null preferred scheduling term matches no objects (i.e. + is also a no-op). + type: object + required: + - preference + - weight + properties: + preference: + description: A node selector term, associated with the + corresponding weight. + type: object + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + type: array + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: The label key that the selector + applies to. type: string - matchFields: - description: A list of node selector requirements - by node's fields. - type: array - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - type: array - items: + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string - weight: - description: Weight associated with matching the corresponding - nodeSelectorTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to an update), the system may or may not try to - eventually evict the pod from its node. - type: object - required: - - nodeSelectorTerms - properties: - nodeSelectorTerms: - description: Required. A list of node selector terms. The - terms are ORed. - type: array - items: - description: A null or empty node selector term matches - no objects. The requirements of them are ANDed. The - TopologySelectorTerm type implements a subset of the - NodeSelectorTerm. - type: object - properties: - matchExpressions: - description: A list of node selector requirements - by node's labels. - type: array - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - type: array - items: + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + type: array + items: + type: string + matchFields: + description: A list of node selector requirements + by node's fields. + type: array + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: The label key that the selector + applies to. type: string - matchFields: - description: A list of node selector requirements - by node's fields. - type: array - items: - description: A node selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: The label key that the selector - applies to. - type: string - operator: - description: Represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists, DoesNotExist. Gt, and Lt. - type: string - values: - description: An array of string values. If the - operator is In or NotIn, the values array - must be non-empty. If the operator is Exists - or DoesNotExist, the values array must be - empty. If the operator is Gt or Lt, the values - array must have a single element, which will - be interpreted as an integer. This array is - replaced during a strategic merge patch. - type: array - items: + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. type: string - podAffinity: - description: Describes pod affinity scheduling rules (e.g. co-locate - this pod in the same node, zone, etc. as some other pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the affinity expressions specified by this field, - but it may choose a node that violates one or more of the - expressions. The node that is most preferred is the one with - the greatest sum of weights, i.e. for each node that meets - all of the scheduling requirements (resource request, requiredDuringScheduling - affinity expressions, etc.), compute a sum by iterating through - the elements of this field and adding "weight" to the sum - if the node has pods which matches the corresponding podAffinityTerm; - the node(s) with the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + type: array + items: + type: string + weight: + description: Weight associated with matching the corresponding + nodeSelectorTerm, in the range 1-100. + type: integer + format: int32 + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to an update), the system may or may not try to + eventually evict the pod from its node. type: object required: - - podAffinityTerm - - weight + - nodeSelectorTerms properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. + nodeSelectorTerms: + description: Required. A list of node selector terms. + The terms are ORed. + type: array + items: + description: A null or empty node selector term matches + no objects. The requirements of them are ANDed. The + TopologySelectorTerm type implements a subset of the + NodeSelectorTerm. + type: object + properties: + matchExpressions: + description: A list of node selector requirements + by node's labels. + type: array + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + type: array + items: type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. + matchFields: + description: A list of node selector requirements + by node's fields. + type: array + items: + description: A node selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. - type: string - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the affinity requirements specified by this - field are not met at scheduling time, the pod will not be - scheduled onto the node. If the affinity requirements specified - by this field cease to be met at some point during pod execution - (e.g. due to a pod label update), the system may or may not - try to eventually evict the pod from its node. When there - are multiple elements, the lists of nodes corresponding to - each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in - this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + required: + - key + - operator + properties: + key: + description: The label key that the selector + applies to. + type: string + operator: + description: Represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists, DoesNotExist. Gt, and + Lt. + type: string + values: + description: An array of string values. If + the operator is In or NotIn, the values + array must be non-empty. If the operator + is Exists or DoesNotExist, the values array + must be empty. If the operator is Gt or + Lt, the values array must have a single + element, which will be interpreted as an + integer. This array is replaced during a + strategic merge patch. + type: array + items: + type: string + podAffinity: + description: Describes pod affinity scheduling rules (e.g. co-locate + this pod in the same node, zone, etc. as some other pod(s)). + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the affinity expressions specified by + this field, but it may choose a node that violates one or + more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + type: array + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + type: object + required: + - podAffinityTerm + - weight + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. type: object - required: - - key - - operator properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. type: array items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + additionalProperties: type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - additionalProperties: + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - podAntiAffinity: - description: Describes pod anti-affinity scheduling rules (e.g. - avoid putting this pod in the same node, zone, etc. as some other - pod(s)). - type: object - properties: - preferredDuringSchedulingIgnoredDuringExecution: - description: The scheduler will prefer to schedule pods to nodes - that satisfy the anti-affinity expressions specified by this - field, but it may choose a node that violates one or more - of the expressions. The node that is most preferred is the - one with the greatest sum of weights, i.e. for each node that - meets all of the scheduling requirements (resource request, - requiredDuringScheduling anti-affinity expressions, etc.), - compute a sum by iterating through the elements of this field - and adding "weight" to the sum if the node has pods which - matches the corresponding podAffinityTerm; the node(s) with - the highest sum are the most preferred. - type: array - items: - description: The weights of all of the matched WeightedPodAffinityTerm - fields are added per-node to find the most preferred node(s) - type: object - required: - - podAffinityTerm - - weight - properties: - podAffinityTerm: - description: Required. A pod affinity term, associated - with the corresponding weight. - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, - in this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label - selector requirements. The requirements are - ANDed. - type: array - items: - description: A label selector requirement is - a selector that contains values, a key, and - an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the - selector applies to. - type: string - operator: - description: operator represents a key's - relationship to a set of values. Valid - operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string - values. If the operator is In or NotIn, - the values array must be non-empty. If - the operator is Exists or DoesNotExist, - the values array must be empty. This array - is replaced during a strategic merge patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} - pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, - whose key field is "key", the operator is "In", - and the values array contains only "value". - The requirements are ANDed. + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: integer + format: int32 + requiredDuringSchedulingIgnoredDuringExecution: + description: If the affinity requirements specified by this + field are not met at scheduling time, the pod will not be + scheduled onto the node. If the affinity requirements specified + by this field cease to be met at some point during pod execution + (e.g. due to a pod label update), the system may or may + not try to eventually evict the pod from its node. When + there are multiple elements, the lists of nodes corresponding + to each podAffinityTerm are intersected, i.e. all terms + must be satisfied. + type: array + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. type: object - additionalProperties: - type: string - namespaces: - description: namespaces specifies which namespaces - the labelSelector applies to (matches against); - null or empty list means "this pod's namespace" - type: array - items: - type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods - matching the labelSelector in the specified namespaces, - where co-located is defined as running on a node - whose value of the label with key topologyKey matches - that of any node on which any of the selected pods - is running. Empty topologyKey is not allowed. + required: + - key + - operator + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + additionalProperties: + type: string + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + type: array + items: type: string - weight: - description: weight associated with matching the corresponding - podAffinityTerm, in the range 1-100. - type: integer - format: int32 - requiredDuringSchedulingIgnoredDuringExecution: - description: If the anti-affinity requirements specified by - this field are not met at scheduling time, the pod will not - be scheduled onto the node. If the anti-affinity requirements - specified by this field cease to be met at some point during - pod execution (e.g. due to a pod label update), the system - may or may not try to eventually evict the pod from its node. - When there are multiple elements, the lists of nodes corresponding - to each podAffinityTerm are intersected, i.e. all terms must - be satisfied. - type: array - items: - description: Defines a set of pods (namely those matching - the labelSelector relative to the given namespace(s)) that - this pod should be co-located (affinity) or not co-located - (anti-affinity) with, where co-located is defined as running - on a node whose value of the label with key - matches that of any node on which a pod of the set of pods - is running - type: object - required: - - topologyKey - properties: - labelSelector: - description: A label query over a set of resources, in - this case pods. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector - requirements. The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector - that contains values, a key, and an operator that - relates the key and values. + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. + type: string + podAntiAffinity: + description: Describes pod anti-affinity scheduling rules (e.g. + avoid putting this pod in the same node, zone, etc. as some + other pod(s)). + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + description: The scheduler will prefer to schedule pods to + nodes that satisfy the anti-affinity expressions specified + by this field, but it may choose a node that violates one + or more of the expressions. The node that is most preferred + is the one with the greatest sum of weights, i.e. for each + node that meets all of the scheduling requirements (resource + request, requiredDuringScheduling anti-affinity expressions, + etc.), compute a sum by iterating through the elements of + this field and adding "weight" to the sum if the node has + pods which matches the corresponding podAffinityTerm; the + node(s) with the highest sum are the most preferred. + type: array + items: + description: The weights of all of the matched WeightedPodAffinityTerm + fields are added per-node to find the most preferred node(s) + type: object + required: + - podAffinityTerm + - weight + properties: + podAffinityTerm: + description: Required. A pod affinity term, associated + with the corresponding weight. + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. type: object - required: - - key - - operator properties: - key: - description: key is the label key that the selector - applies to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, - NotIn, Exists and DoesNotExist. - type: string - values: - description: values is an array of string values. - If the operator is In or NotIn, the values - array must be non-empty. If the operator is - Exists or DoesNotExist, the values array must - be empty. This array is replaced during a - strategic merge patch. + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are + ANDed. type: array items: + description: A label selector requirement + is a selector that contains values, a key, + and an operator that relates the key and + values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that + the selector applies to. + type: string + operator: + description: operator represents a key's + relationship to a set of values. Valid + operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. + If the operator is Exists or DoesNotExist, + the values array must be empty. This + array is replaced during a strategic + merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is + "In", and the values array contains only "value". + The requirements are ANDed. + type: object + additionalProperties: type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. - A single {key,value} in the matchLabels map is equivalent - to an element of matchExpressions, whose key field - is "key", the operator is "In", and the values array - contains only "value". The requirements are ANDed. - type: object - additionalProperties: + namespaces: + description: namespaces specifies which namespaces + the labelSelector applies to (matches against); + null or empty list means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods + matching the labelSelector in the specified namespaces, + where co-located is defined as running on a node + whose value of the label with key topologyKey + matches that of any node on which any of the selected + pods is running. Empty topologyKey is not allowed. type: string - namespaces: - description: namespaces specifies which namespaces the - labelSelector applies to (matches against); null or - empty list means "this pod's namespace" - type: array - items: + weight: + description: weight associated with matching the corresponding + podAffinityTerm, in the range 1-100. + type: integer + format: int32 + requiredDuringSchedulingIgnoredDuringExecution: + description: If the anti-affinity requirements specified by + this field are not met at scheduling time, the pod will + not be scheduled onto the node. If the anti-affinity requirements + specified by this field cease to be met at some point during + pod execution (e.g. due to a pod label update), the system + may or may not try to eventually evict the pod from its + node. When there are multiple elements, the lists of nodes + corresponding to each podAffinityTerm are intersected, i.e. + all terms must be satisfied. + type: array + items: + description: Defines a set of pods (namely those matching + the labelSelector relative to the given namespace(s)) + that this pod should be co-located (affinity) or not co-located + (anti-affinity) with, where co-located is defined as running + on a node whose value of the label with key + matches that of any node on which a pod of the set of + pods is running + type: object + required: + - topologyKey + properties: + labelSelector: + description: A label query over a set of resources, + in this case pods. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label + selector requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a + selector that contains values, a key, and an + operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the + selector applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are + In, NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string + values. If the operator is In or NotIn, + the values array must be non-empty. If the + operator is Exists or DoesNotExist, the + values array must be empty. This array is + replaced during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} + pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, + whose key field is "key", the operator is "In", + and the values array contains only "value". The + requirements are ANDed. + type: object + additionalProperties: + type: string + namespaces: + description: namespaces specifies which namespaces the + labelSelector applies to (matches against); null or + empty list means "this pod's namespace" + type: array + items: + type: string + topologyKey: + description: This pod should be co-located (affinity) + or not co-located (anti-affinity) with the pods matching + the labelSelector in the specified namespaces, where + co-located is defined as running on a node whose value + of the label with key topologyKey matches that of + any node on which any of the selected pods is running. + Empty topologyKey is not allowed. type: string - topologyKey: - description: This pod should be co-located (affinity) - or not co-located (anti-affinity) with the pods matching - the labelSelector in the specified namespaces, where - co-located is defined as running on a node whose value - of the label with key topologyKey matches that of any - node on which any of the selected pods is running. Empty - topologyKey is not allowed. - type: string - failedJobsHistoryLimit: - description: failedJobsHistoryLimit specifies how many failed image - pruner jobs to retain. Defaults to 3 if not set. - type: integer - format: int32 - keepTagRevisions: - description: keepTagRevisions specifies the number of image revisions - for a tag in an image stream that will be preserved. Defaults to 3. - type: integer - keepYoungerThan: - description: 'keepYoungerThan specifies the minimum age in nanoseconds - of an image and its referrers for it to be considered a candidate - for pruning. DEPRECATED: This field is deprecated in favor of keepYoungerThanDuration. - If both are set, this field is ignored and keepYoungerThanDuration - takes precedence.' - type: integer - format: int64 - keepYoungerThanDuration: - description: keepYoungerThanDuration specifies the minimum age of an - image and its referrers for it to be considered a candidate for pruning. - Defaults to 60m (60 minutes). - type: string - format: duration - nodeSelector: - description: nodeSelector defines the node selection constraints for - the image pruner pod. - type: object - additionalProperties: + failedJobsHistoryLimit: + description: failedJobsHistoryLimit specifies how many failed image + pruner jobs to retain. Defaults to 3 if not set. + type: integer + format: int32 + ignoreInvalidImageReferences: + description: ignoreInvalidImageReferences indicates whether the pruner + can ignore errors while parsing image references. + type: boolean + keepTagRevisions: + description: keepTagRevisions specifies the number of image revisions + for a tag in an image stream that will be preserved. Defaults to + 3. + type: integer + keepYoungerThan: + description: 'keepYoungerThan specifies the minimum age in nanoseconds + of an image and its referrers for it to be considered a candidate + for pruning. DEPRECATED: This field is deprecated in favor of keepYoungerThanDuration. + If both are set, this field is ignored and keepYoungerThanDuration + takes precedence.' + type: integer + format: int64 + keepYoungerThanDuration: + description: keepYoungerThanDuration specifies the minimum age of + an image and its referrers for it to be considered a candidate for + pruning. Defaults to 60m (60 minutes). type: string - resources: - description: resources defines the resource requests and limits for - the image pruner pod. - type: object - properties: - limits: - description: 'Limits describes the maximum amount of compute resources - allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - type: string - requests: - description: 'Requests describes the minimum amount of compute resources - required. If Requests is omitted for a container, it defaults - to Limits if that is explicitly specified, otherwise to an implementation-defined - value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' - type: object - additionalProperties: - type: string - schedule: - description: 'schedule specifies when to execute the job using standard - cronjob syntax: https://wikipedia.org/wiki/Cron. Defaults to `0 0 - * * *`.' - type: string - successfulJobsHistoryLimit: - description: successfulJobsHistoryLimit specifies how many successful - image pruner jobs to retain. Defaults to 3 if not set. - type: integer - format: int32 - suspend: - description: suspend specifies whether or not to suspend subsequent - executions of this cronjob. Defaults to false. - type: boolean - tolerations: - description: tolerations defines the node tolerations for the image - pruner pod. - type: array - items: - description: The pod this Toleration is attached to tolerates any - taint that matches the triple using the matching - operator . + format: duration + nodeSelector: + description: nodeSelector defines the node selection constraints for + the image pruner pod. type: object - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, operator - must be Exists; this combination means to match all values and - all keys. - type: string - operator: - description: Operator represents a key's relationship to the value. - Valid operators are Exists and Equal. Defaults to Equal. Exists - is equivalent to wildcard for value, so that a pod can tolerate - all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time the - toleration (which must be of effect NoExecute, otherwise this - field is ignored) tolerates the taint. By default, it is not - set, which means tolerate the taint forever (do not evict). - Zero and negative values will be treated as 0 (evict immediately) - by the system. - type: integer - format: int64 - value: - description: Value is the taint value the toleration matches to. - If the operator is Exists, the value should be empty, otherwise - just a regular string. - type: string - status: - description: ImagePrunerStatus reports image pruner operational status. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status. - type: array - items: - description: OperatorCondition is just the standard condition fields. + additionalProperties: + type: string + resources: + description: resources defines the resource requests and limits for + the image pruner pod. type: object properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - observedGeneration: - description: observedGeneration is the last generation change that has - been applied. - type: integer - format: int64 + limits: + description: 'Limits describes the maximum amount of compute resources + allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + requests: + description: 'Requests describes the minimum amount of compute + resources required. If Requests is omitted for a container, + it defaults to Limits if that is explicitly specified, otherwise + to an implementation-defined value. More info: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + schedule: + description: 'schedule specifies when to execute the job using standard + cronjob syntax: https://wikipedia.org/wiki/Cron. Defaults to `0 + 0 * * *`.' + type: string + successfulJobsHistoryLimit: + description: successfulJobsHistoryLimit specifies how many successful + image pruner jobs to retain. Defaults to 3 if not set. + type: integer + format: int32 + suspend: + description: suspend specifies whether or not to suspend subsequent + executions of this cronjob. Defaults to false. + type: boolean + tolerations: + description: tolerations defines the node tolerations for the image + pruner pod. + type: array + items: + description: The pod this Toleration is attached to tolerates any + taint that matches the triple using the matching + operator . + type: object + properties: + effect: + description: Effect indicates the taint effect to match. Empty + means match all taint effects. When specified, allowed values + are NoSchedule, PreferNoSchedule and NoExecute. + type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match all + values and all keys. + type: string + operator: + description: Operator represents a key's relationship to the + value. Valid operators are Exists and Equal. Defaults to Equal. + Exists is equivalent to wildcard for value, so that a pod + can tolerate all taints of a particular category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of time + the toleration (which must be of effect NoExecute, otherwise + this field is ignored) tolerates the taint. By default, it + is not set, which means tolerate the taint forever (do not + evict). Zero and negative values will be treated as 0 (evict + immediately) by the system. + type: integer + format: int64 + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + status: + description: ImagePrunerStatus reports image pruner operational status. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status. + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + observedGeneration: + description: observedGeneration is the last generation change that + has been applied. + type: integer + format: int64 + names: + kind: ImagePruner + listKind: ImagePrunerList + plural: imagepruners + singular: imagepruner diff --git a/vendor/github.com/openshift/api/imageregistry/v1/types.go b/vendor/github.com/openshift/api/imageregistry/v1/types.go index 6e84b13be4..69be006a26 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/types.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/types.go @@ -16,6 +16,14 @@ type ConfigList struct { Items []Config `json:"items"` } +const ( + // StorageManagementStateManaged indicates the operator is managing the underlying storage. + StorageManagementStateManaged = "Managed" + // StorageManagementStateUnmanaged indicates the operator is not managing the underlying + // storage. + StorageManagementStateUnmanaged = "Unmanaged" +) + // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object @@ -33,6 +41,8 @@ type Config struct { // ImageRegistrySpec defines the specs for the running registry. type ImageRegistrySpec struct { + // operatorSpec allows operator specific configuration to be made. + operatorv1.OperatorSpec `json:",inline"` // managementState indicates whether the registry instance represented // by this config instance is under operator management or not. Valid // values are Managed, Unmanaged, and Removed. @@ -70,8 +80,8 @@ type ImageRegistrySpec struct { Routes []ImageRegistryConfigRoute `json:"routes,omitempty"` // replicas determines the number of registry instances to run. Replicas int32 `json:"replicas"` - // logging determines the level of logging enabled in the registry. - LogLevel int64 `json:"logging"` + // logging is deprecated, use logLevel instead. + Logging int64 `json:"logging"` // resources defines the resource requests+limits for the registry pod. // +optional Resources *corev1.ResourceRequirements `json:"resources,omitempty"` @@ -96,9 +106,7 @@ type ImageRegistrySpec struct { type ImageRegistryStatus struct { operatorv1.OperatorStatus `json:",inline"` - // storageManaged is a boolean which denotes whether or not - // we created the registry storage medium (such as an - // S3 bucket). + // storageManaged is deprecated, please refer to Storage.managementState StorageManaged bool `json:"storageManaged"` // storage indicates the current applied storage configuration of the // registry. @@ -283,6 +291,12 @@ type ImageRegistryConfigStorage struct { // azure represents configuration that uses Azure Blob Storage. // +optional Azure *ImageRegistryConfigStorageAzure `json:"azure,omitempty"` + // managementState indicates if the operator manages the underlying + // storage unit. If Managed the operator will remove the storage when + // this operator gets Removed. + // +optional + // +kubebuilder:validation:Pattern=`^(Managed|Unmanaged)$` + ManagementState string `json:"managementState,omitempty"` } // ImageRegistryConfigRequests defines registry limits on requests read and write. diff --git a/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go b/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go index 55360dc6a4..0ed892e009 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/types_imagepruner.go @@ -76,6 +76,10 @@ type ImagePrunerSpec struct { // Defaults to 3 if not set. // +optional FailedJobsHistoryLimit *int32 `json:"failedJobsHistoryLimit,omitempty"` + // ignoreInvalidImageReferences indicates whether the pruner can ignore + // errors while parsing image references. + // +optional + IgnoreInvalidImageReferences bool `json:"ignoreInvalidImageReferences,omitempty"` } // ImagePrunerStatus reports image pruner operational status. diff --git a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go index a58aa3bc6d..87074c50c0 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.deepcopy.go @@ -463,6 +463,7 @@ func (in *ImageRegistryConfigStorageSwift) DeepCopy() *ImageRegistryConfigStorag // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ImageRegistrySpec) DeepCopyInto(out *ImageRegistrySpec) { *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) out.Proxy = in.Proxy in.Storage.DeepCopyInto(&out.Storage) out.Requests = in.Requests diff --git a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go index fae71a443f..0084cc3669 100644 --- a/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/imageregistry/v1/zz_generated.swagger_doc_generated.go @@ -71,13 +71,14 @@ func (ImageRegistryConfigRoute) SwaggerDoc() map[string]string { } var map_ImageRegistryConfigStorage = map[string]string{ - "": "ImageRegistryConfigStorage describes how the storage should be configured for the image registry.", - "emptyDir": "emptyDir represents ephemeral storage on the pod's host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.", - "s3": "s3 represents configuration that uses Amazon Simple Storage Service.", - "gcs": "gcs represents configuration that uses Google Cloud Storage.", - "swift": "swift represents configuration that uses OpenStack Object Storage.", - "pvc": "pvc represents configuration that uses a PersistentVolumeClaim.", - "azure": "azure represents configuration that uses Azure Blob Storage.", + "": "ImageRegistryConfigStorage describes how the storage should be configured for the image registry.", + "emptyDir": "emptyDir represents ephemeral storage on the pod's host node. WARNING: this storage cannot be used with more than 1 replica and is not suitable for production use. When the pod is removed from a node for any reason, the data in the emptyDir is deleted forever.", + "s3": "s3 represents configuration that uses Amazon Simple Storage Service.", + "gcs": "gcs represents configuration that uses Google Cloud Storage.", + "swift": "swift represents configuration that uses OpenStack Object Storage.", + "pvc": "pvc represents configuration that uses a PersistentVolumeClaim.", + "azure": "azure represents configuration that uses Azure Blob Storage.", + "managementState": "managementState indicates if the operator manages the underlying storage unit. If Managed the operator will remove the storage when this operator gets Removed.", } func (ImageRegistryConfigStorage) SwaggerDoc() map[string]string { @@ -179,7 +180,7 @@ var map_ImageRegistrySpec = map[string]string{ "defaultRoute": "defaultRoute indicates whether an external facing route for the registry should be created using the default generated hostname.", "routes": "routes defines additional external facing routes which should be created for the registry.", "replicas": "replicas determines the number of registry instances to run.", - "logging": "logging determines the level of logging enabled in the registry.", + "logging": "logging is deprecated, use logLevel instead.", "resources": "resources defines the resource requests+limits for the registry pod.", "nodeSelector": "nodeSelector defines the node selection constraints for the registry pod.", "tolerations": "tolerations defines the tolerations for the registry pod.", @@ -193,7 +194,7 @@ func (ImageRegistrySpec) SwaggerDoc() map[string]string { var map_ImageRegistryStatus = map[string]string{ "": "ImageRegistryStatus reports image registry operational status.", - "storageManaged": "storageManaged is a boolean which denotes whether or not we created the registry storage medium (such as an S3 bucket).", + "storageManaged": "storageManaged is deprecated, please refer to Storage.managementState", "storage": "storage indicates the current applied storage configuration of the registry.", } @@ -218,18 +219,19 @@ func (ImagePrunerList) SwaggerDoc() map[string]string { } var map_ImagePrunerSpec = map[string]string{ - "": "ImagePrunerSpec defines the specs for the running image pruner.", - "schedule": "schedule specifies when to execute the job using standard cronjob syntax: https://wikipedia.org/wiki/Cron. Defaults to `0 0 * * *`.", - "suspend": "suspend specifies whether or not to suspend subsequent executions of this cronjob. Defaults to false.", - "keepTagRevisions": "keepTagRevisions specifies the number of image revisions for a tag in an image stream that will be preserved. Defaults to 3.", - "keepYoungerThan": "keepYoungerThan specifies the minimum age in nanoseconds of an image and its referrers for it to be considered a candidate for pruning. DEPRECATED: This field is deprecated in favor of keepYoungerThanDuration. If both are set, this field is ignored and keepYoungerThanDuration takes precedence.", - "keepYoungerThanDuration": "keepYoungerThanDuration specifies the minimum age of an image and its referrers for it to be considered a candidate for pruning. Defaults to 60m (60 minutes).", - "resources": "resources defines the resource requests and limits for the image pruner pod.", - "affinity": "affinity is a group of node affinity scheduling rules for the image pruner pod.", - "nodeSelector": "nodeSelector defines the node selection constraints for the image pruner pod.", - "tolerations": "tolerations defines the node tolerations for the image pruner pod.", - "successfulJobsHistoryLimit": "successfulJobsHistoryLimit specifies how many successful image pruner jobs to retain. Defaults to 3 if not set.", - "failedJobsHistoryLimit": "failedJobsHistoryLimit specifies how many failed image pruner jobs to retain. Defaults to 3 if not set.", + "": "ImagePrunerSpec defines the specs for the running image pruner.", + "schedule": "schedule specifies when to execute the job using standard cronjob syntax: https://wikipedia.org/wiki/Cron. Defaults to `0 0 * * *`.", + "suspend": "suspend specifies whether or not to suspend subsequent executions of this cronjob. Defaults to false.", + "keepTagRevisions": "keepTagRevisions specifies the number of image revisions for a tag in an image stream that will be preserved. Defaults to 3.", + "keepYoungerThan": "keepYoungerThan specifies the minimum age in nanoseconds of an image and its referrers for it to be considered a candidate for pruning. DEPRECATED: This field is deprecated in favor of keepYoungerThanDuration. If both are set, this field is ignored and keepYoungerThanDuration takes precedence.", + "keepYoungerThanDuration": "keepYoungerThanDuration specifies the minimum age of an image and its referrers for it to be considered a candidate for pruning. Defaults to 60m (60 minutes).", + "resources": "resources defines the resource requests and limits for the image pruner pod.", + "affinity": "affinity is a group of node affinity scheduling rules for the image pruner pod.", + "nodeSelector": "nodeSelector defines the node selection constraints for the image pruner pod.", + "tolerations": "tolerations defines the node tolerations for the image pruner pod.", + "successfulJobsHistoryLimit": "successfulJobsHistoryLimit specifies how many successful image pruner jobs to retain. Defaults to 3 if not set.", + "failedJobsHistoryLimit": "failedJobsHistoryLimit specifies how many failed image pruner jobs to retain. Defaults to 3 if not set.", + "ignoreInvalidImageReferences": "ignoreInvalidImageReferences indicates whether the pruner can ignore errors while parsing image references.", } func (ImagePrunerSpec) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/install.go b/vendor/github.com/openshift/api/install.go index 11c6512c52..8422d20158 100644 --- a/vendor/github.com/openshift/api/install.go +++ b/vendor/github.com/openshift/api/install.go @@ -37,6 +37,7 @@ import ( "github.com/openshift/api/authorization" "github.com/openshift/api/build" "github.com/openshift/api/config" + "github.com/openshift/api/helm" "github.com/openshift/api/image" "github.com/openshift/api/imageregistry" "github.com/openshift/api/kubecontrolplane" @@ -65,6 +66,7 @@ var ( authorization.Install, build.Install, config.Install, + helm.Install, image.Install, imageregistry.Install, kubecontrolplane.Install, diff --git a/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml index 8ce9fe994e..6beaeb259d 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml @@ -1,139 +1,146 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: configs.operator.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: scope: Cluster - preserveUnknownFields: false group: operator.openshift.io - version: v1 names: kind: Config plural: configs singular: config categories: - coreoperators - subresources: - status: {} - validation: - openAPIV3Schema: - description: Config provides information to configure the config operator. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the Config - Operator. - type: object - properties: - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. It exists in spec because it is - an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: status defines the observed status of the Config Operator. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: Config provides information to configure the config operator. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Config Operator. + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + managementState: + description: managementState indicates whether and how the operator + should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: status defines the observed status of the Config Operator. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_20_etcd-operator_01.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_20_etcd-operator_01.crd.yaml index ad1eadc5fd..14f6aeb576 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_20_etcd-operator_01.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_20_etcd-operator_01.crd.yaml @@ -1,197 +1,205 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: etcds.operator.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: scope: Cluster group: operator.openshift.io - version: v1 names: kind: Etcd plural: etcds singular: etcd categories: - coreoperators - preserveUnknownFields: false - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: Etcd provides information to configure an operator to manage kube-apiserver. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - type: integer - format: int32 - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why you - think it will work this time instead of failing again on the same - config. - type: string - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. It exists in spec because it is - an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - type: integer - format: int32 - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: Etcd provides information to configure an operator to manage + kube-apiserver. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + properties: + failedRevisionLimit: + description: failedRevisionLimit is the number of failed static pod + installer revisions to keep on disk and in the api -1 = unlimited, + 0 or unset = 5 (default) + type: integer + format: int32 + forceRedeploymentReason: + description: forceRedeploymentReason can be used to force the redeployment + of the operand by providing a unique string. This provides a mechanism + to kick a previously failed deployment and provide a reason why + you think it will work this time instead of failing again on the + same config. + type: string + logLevel: + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + managementState: + description: managementState indicates whether and how the operator + should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + succeededRevisionLimit: + description: succeededRevisionLimit is the number of successful static + pod installer revisions to keep on disk and in the api -1 = unlimited, + 0 or unset = 5 (default) + type: integer + format: int32 + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - type: integer - format: int32 - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - type: array - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - type: object - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - type: integer - format: int32 - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - type: integer - format: int32 - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of the errors - during the failed deployment referenced in lastFailedRevision - type: array - items: + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + type: integer + format: int32 + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + type: array + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + type: object + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + type: integer + format: int32 + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + type: integer + format: int32 + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of the errors + during the failed deployment referenced in lastFailedRevision + type: array + items: + type: string + nodeName: + description: nodeName is the name of the node type: string - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - type: integer - format: int32 - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + type: integer + format: int32 + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml index 83d5a5a39d..b695ce8381 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml @@ -1,6 +1,8 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + include.release.openshift.io/self-managed-high-availability: "true" name: kubeapiservers.operator.openshift.io spec: group: operator.openshift.io @@ -8,193 +10,198 @@ spec: kind: KubeAPIServer plural: kubeapiservers singular: kubeapiserver - preserveUnknownFields: false scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - description: KubeAPIServer provides information to configure an operator to - manage kube-apiserver. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the Kubernetes - API Server - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why you - think it will work this time instead of failing again on the same - config. - type: string - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Force)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. It exists in spec because it is - an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the Kubernetes - API Server - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KubeAPIServer provides information to configure an operator to + manage kube-apiserver. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Kubernetes API Server + properties: + failedRevisionLimit: + description: failedRevisionLimit is the number of failed static pod + installer revisions to keep on disk and in the api -1 = unlimited, + 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: forceRedeploymentReason can be used to force the redeployment + of the operand by providing a unique string. This provides a mechanism + to kick a previously failed deployment and provide a reason why + you think it will work this time instead of failing again on the + same config. + type: string + logLevel: + default: Normal + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Force)$ + type: string + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true type: object - type: array - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + succeededRevisionLimit: + description: succeededRevisionLimit is the number of successful static + pod installer revisions to keep on disk and in the api -1 = unlimited, + 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' + nullable: true type: object - type: array - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of the errors - during the failed deployment referenced in lastFailedRevision - items: + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Kubernetes + API Server + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + format: date-time type: string - type: array - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - version: v1 + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + type: object + type: array + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of the errors + during the failed deployment referenced in lastFailedRevision + items: + type: string + type: array + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + type: object + type: array + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml-merge-patch b/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml-merge-patch deleted file mode 100644 index be6a3cc2e7..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml-merge-patch +++ /dev/null @@ -1,8 +0,0 @@ -spec: - validation: - openAPIV3Schema: - properties: - spec: - properties: - managementState: - pattern: "^(Managed|Force)$" \ No newline at end of file diff --git a/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml-patch new file mode 100644 index 0000000000..8145f00c49 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/0000_20_kube-apiserver-operator_01_config.crd.yaml-patch @@ -0,0 +1,3 @@ +- op: replace + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/managementState/pattern + value: "^(Managed|Force)$" diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml index 257620128c..6f08cec5d9 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml @@ -1,6 +1,8 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + include.release.openshift.io/self-managed-high-availability: "true" name: kubecontrollermanagers.operator.openshift.io spec: group: operator.openshift.io @@ -10,193 +12,198 @@ spec: kind: KubeControllerManager plural: kubecontrollermanagers singular: kubecontrollermanager - preserveUnknownFields: false scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - description: KubeControllerManager provides information to configure an operator - to manage kube-controller-manager. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the Kubernetes - Controller Manager - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why you - think it will work this time instead of failing again on the same - config. - type: string - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Force)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. It exists in spec because it is - an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the Kubernetes - Controller Manager - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KubeControllerManager provides information to configure an operator + to manage kube-controller-manager. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Kubernetes Controller Manager + properties: + failedRevisionLimit: + description: failedRevisionLimit is the number of failed static pod + installer revisions to keep on disk and in the api -1 = unlimited, + 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: forceRedeploymentReason can be used to force the redeployment + of the operand by providing a unique string. This provides a mechanism + to kick a previously failed deployment and provide a reason why + you think it will work this time instead of failing again on the + same config. + type: string + logLevel: + default: Normal + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Force)$ + type: string + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true type: object - type: array - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + succeededRevisionLimit: + description: succeededRevisionLimit is the number of successful static + pod installer revisions to keep on disk and in the api -1 = unlimited, + 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' + nullable: true type: object - type: array - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of the errors - during the failed deployment referenced in lastFailedRevision - items: + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Kubernetes + Controller Manager + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + format: date-time type: string - type: array - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - version: v1 + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + type: object + type: array + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of the errors + during the failed deployment referenced in lastFailedRevision + items: + type: string + type: array + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + type: object + type: array + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml-merge-patch b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml-merge-patch deleted file mode 100644 index 5cc312a439..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml-merge-patch +++ /dev/null @@ -1,10 +0,0 @@ -# this file can be removed once we switch to v0.2 of crd generator -# see: https://github.com/openshift/cluster-kube-scheduler-operator/pull/148 -spec: - validation: - openAPIV3Schema: - properties: - spec: - properties: - managementState: - pattern: "^(Managed|Force)$" diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml-patch new file mode 100644 index 0000000000..8145f00c49 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-controller-manager-operator_01_config.crd.yaml-patch @@ -0,0 +1,3 @@ +- op: replace + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/managementState/pattern + value: "^(Managed|Force)$" diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml index 7d7ac277d5..faf3f04486 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml @@ -1,6 +1,8 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + include.release.openshift.io/self-managed-high-availability: "true" name: kubeschedulers.operator.openshift.io spec: group: operator.openshift.io @@ -10,193 +12,198 @@ spec: kind: KubeScheduler plural: kubeschedulers singular: kubescheduler - preserveUnknownFields: false scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - description: KubeScheduler provides information to configure an operator to - manage scheduler. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the Kubernetes - Scheduler - properties: - failedRevisionLimit: - description: failedRevisionLimit is the number of failed static pod - installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - forceRedeploymentReason: - description: forceRedeploymentReason can be used to force the redeployment - of the operand by providing a unique string. This provides a mechanism - to kick a previously failed deployment and provide a reason why you - think it will work this time instead of failing again on the same - config. - type: string - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Force)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. It exists in spec because it is - an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - succeededRevisionLimit: - description: succeededRevisionLimit is the number of successful static - pod installer revisions to keep on disk and in the api -1 = unlimited, - 0 or unset = 5 (default) - format: int32 - type: integer - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - type: object - status: - description: status is the most recently observed status of the Kubernetes - Scheduler - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string + versions: + - name: v1 + schema: + openAPIV3Schema: + description: KubeScheduler provides information to configure an operator to + manage scheduler. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + Kubernetes Scheduler + properties: + failedRevisionLimit: + description: failedRevisionLimit is the number of failed static pod + installer revisions to keep on disk and in the api -1 = unlimited, + 0 or unset = 5 (default) + format: int32 + type: integer + forceRedeploymentReason: + description: forceRedeploymentReason can be used to force the redeployment + of the operand by providing a unique string. This provides a mechanism + to kick a previously failed deployment and provide a reason why + you think it will work this time instead of failing again on the + same config. + type: string + logLevel: + default: Normal + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Force)$ + type: string + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true type: object - type: array - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + succeededRevisionLimit: + description: succeededRevisionLimit is the number of successful static + pod installer revisions to keep on disk and in the api -1 = unlimited, + 0 or unset = 5 (default) + format: int32 + type: integer + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' + nullable: true type: object - type: array - latestAvailableRevision: - description: latestAvailableRevision is the deploymentID of the most - recent deployment - format: int32 - type: integer - latestAvailableRevisionReason: - description: latestAvailableRevisionReason describe the detailed reason - for the most recent deployment - type: string - nodeStatuses: - description: nodeStatuses track the deployment values and errors across - individual nodes - items: - description: NodeStatus provides information about the current state - of a particular node managed by this operator. - properties: - currentRevision: - description: currentRevision is the generation of the most recently - successful deployment - format: int32 - type: integer - lastFailedRevision: - description: lastFailedRevision is the generation of the deployment - we tried and failed to deploy. - format: int32 - type: integer - lastFailedRevisionErrors: - description: lastFailedRevisionErrors is a list of the errors - during the failed deployment referenced in lastFailedRevision - items: + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status is the most recently observed status of the Kubernetes + Scheduler + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + format: date-time type: string - type: array - nodeName: - description: nodeName is the name of the node - type: string - targetRevision: - description: targetRevision is the generation of the deployment - we're trying to apply - format: int32 - type: integer - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - version: v1 + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + type: object + type: array + latestAvailableRevision: + description: latestAvailableRevision is the deploymentID of the most + recent deployment + format: int32 + type: integer + latestAvailableRevisionReason: + description: latestAvailableRevisionReason describe the detailed reason + for the most recent deployment + type: string + nodeStatuses: + description: nodeStatuses track the deployment values and errors across + individual nodes + items: + description: NodeStatus provides information about the current state + of a particular node managed by this operator. + properties: + currentRevision: + description: currentRevision is the generation of the most recently + successful deployment + format: int32 + type: integer + lastFailedRevision: + description: lastFailedRevision is the generation of the deployment + we tried and failed to deploy. + format: int32 + type: integer + lastFailedRevisionErrors: + description: lastFailedRevisionErrors is a list of the errors + during the failed deployment referenced in lastFailedRevision + items: + type: string + type: array + nodeName: + description: nodeName is the name of the node + type: string + targetRevision: + description: targetRevision is the generation of the deployment + we're trying to apply + format: int32 + type: integer + type: object + type: array + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml-merge-patch b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml-merge-patch deleted file mode 100644 index 5cc312a439..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml-merge-patch +++ /dev/null @@ -1,10 +0,0 @@ -# this file can be removed once we switch to v0.2 of crd generator -# see: https://github.com/openshift/cluster-kube-scheduler-operator/pull/148 -spec: - validation: - openAPIV3Schema: - properties: - spec: - properties: - managementState: - pattern: "^(Managed|Force)$" diff --git a/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml-patch new file mode 100644 index 0000000000..8145f00c49 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/0000_25_kube-scheduler-operator_01_config.crd.yaml-patch @@ -0,0 +1,3 @@ +- op: replace + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/managementState/pattern + value: "^(Managed|Force)$" diff --git a/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml index 2fdc2ddb36..b6bba3cc6e 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_30_openshift-apiserver-operator_01_config.crd.yaml @@ -1,147 +1,154 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: openshiftapiservers.operator.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: scope: Cluster - preserveUnknownFields: false group: operator.openshift.io - version: v1 names: kind: OpenShiftAPIServer plural: openshiftapiservers singular: openshiftapiserver categories: - coreoperators - subresources: - status: {} - validation: - openAPIV3Schema: - description: OpenShiftAPIServer provides information to configure an operator - to manage openshift-apiserver. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the OpenShift - API Server. - type: object - properties: - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. It exists in spec because it is - an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: status defines the observed status of the OpenShift API Server. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: OpenShiftAPIServer provides information to configure an operator + to manage openshift-apiserver. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + OpenShift API Server. + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + managementState: + description: managementState indicates whether and how the operator + should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - latestAvailableRevision: - description: latestAvailableRevision is the latest revision used as - suffix of revisioned secrets like encryption-config. A new revision - causes a new deployment of pods. - type: integer - format: int32 - minimum: 0 - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: status defines the observed status of the OpenShift API Server. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + latestAvailableRevision: + description: latestAvailableRevision is the latest revision used as + suffix of revisioned secrets like encryption-config. A new revision + causes a new deployment of pods. + type: integer + format: int32 + minimum: 0 + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml new file mode 100644 index 0000000000..098de4470e --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/0000_40_cloud-credential-operator_00_config.crd.yaml @@ -0,0 +1,158 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: cloudcredentials.operator.openshift.io +spec: + scope: Cluster + group: operator.openshift.io + names: + kind: CloudCredential + listKind: CloudCredentialList + plural: cloudcredentials + singular: cloudcredential + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: CloudCredential provides a means to configure an operator to + manage CredentialsRequests. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CloudCredentialSpec is the specification of the desired behavior + of the cloud-credential-operator. + type: object + properties: + credentialsMode: + description: CredentialsMode allows informing CCO that it should not + attempt to dynamically determine the root cloud credentials capabilities, + and it should just run in the specified mode. It also allows putting + the operator into "manual" mode if desired. Leaving the field in + default mode runs CCO so that the cluster's cloud credentials will + be dynamically probed for capabilities (on supported clouds/platforms). + type: string + enum: + - "" + - Manual + - Mint + - Passthrough + logLevel: + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + managementState: + description: managementState indicates whether and how the operator + should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: CloudCredentialStatus defines the observed status of the + cloud-credential-operator. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml index 20ce796cf3..9adbb29e60 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_40_kube-storage-version-migrator-operator_00_config.crd.yaml @@ -1,8 +1,9 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - creationTimestamp: null name: kubestorageversionmigrators.operator.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: operator.openshift.io names: @@ -11,137 +12,132 @@ spec: plural: kubestorageversionmigrators singular: kubestorageversionmigrator scope: Cluster - preserveUnknownFields: false - subresources: - status: {} - version: v1 versions: - name: v1 served: true storage: true - "validation": - "openAPIV3Schema": - description: KubeStorageVersionMigrator provides information to configure an - operator to manage kube-storage-version-migrator. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - properties: - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. It exists in spec because it is - an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + subresources: + status: {} + schema: + "openAPIV3Schema": + description: KubeStorageVersionMigrator provides information to configure + an operator to manage kube-storage-version-migrator. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + managementState: + description: managementState indicates whether and how the operator + should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml index 87f910ff39..20cac90b4a 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-authentication-operator_01_config.crd.yaml @@ -1,153 +1,160 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: authentications.operator.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: scope: Cluster - preserveUnknownFields: false group: operator.openshift.io - version: v1 names: kind: Authentication plural: authentications singular: authentication - subresources: - status: {} - validation: - openAPIV3Schema: - description: Authentication provides information to configure an operator to - manage authentication. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - properties: - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. It exists in spec because it is - an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: Authentication provides information to configure an operator + to manage authentication. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + managementState: + description: managementState indicates whether and how the operator + should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + managingOAuthAPIServer: + description: ManagingOAuthAPIServer indicates whether this operator + is managing OAuth related APIs. Setting this field to true will + cause OAS-O to step down. Note that this field will be removed in + the future releases, once https://github.com/openshift/enhancements/blob/master/enhancements/authentication/separate-oauth-resources.md + is fully implemented + type: boolean + oauthAPIServer: + description: OAuthAPIServer holds status specific only to oauth-apiserver type: object properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved + latestAvailableRevision: + description: LatestAvailableRevision is the latest revision used + as suffix of revisioned secrets like encryption-config. A new + revision causes a new deployment of pods. type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - managingOAuthAPIServer: - description: ManagingOAuthAPIServer indicates whether this operator - is managing OAuth related APIs. Setting this field to true will cause - OAS-O to step down. Note that this field will be removed in the future - releases, once https://github.com/openshift/enhancements/blob/master/enhancements/authentication/separate-oauth-resources.md - is fully implemented - type: boolean - oauthAPIServer: - description: OAuthAPIServer holds status specific only to oauth-apiserver - type: object - properties: - latestAvailableRevision: - description: LatestAvailableRevision is the latest revision used - as suffix of revisioned secrets like encryption-config. A new - revision causes a new deployment of pods. - type: integer - format: int32 - minimum: 0 - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + format: int32 + minimum: 0 + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml index 589797bb71..0d9403cd3a 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster-openshift-controller-manager-operator_02_config.crd.yaml @@ -1,137 +1,144 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: openshiftcontrollermanagers.operator.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: scope: Cluster - preserveUnknownFields: false group: operator.openshift.io - version: v1 names: kind: OpenShiftControllerManager plural: openshiftcontrollermanagers singular: openshiftcontrollermanager categories: - coreoperators - subresources: - status: {} - validation: - openAPIV3Schema: - description: OpenShiftControllerManager provides information to configure an - operator to manage openshift-controller-manager. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - type: object - properties: - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. It exists in spec because it is - an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: OpenShiftControllerManager provides information to configure + an operator to manage openshift-controller-manager. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + managementState: + description: managementState indicates whether and how the operator + should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml index 28d7c88373..a05f408887 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_cluster_storage_operator_01_crd.yaml @@ -1,142 +1,145 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: storages.operator.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: operator.openshift.io names: kind: Storage plural: storages singular: storage - preserveUnknownFields: false scope: Cluster - subresources: - status: {} - version: v1 versions: - name: v1 served: true storage: true - validation: - openAPIV3Schema: - description: Storage provides a means to configure an operator to manage the - cluster storage operator. `cluster` is the canonical name. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. It exists in spec because it is - an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + subresources: + status: {} + schema: + openAPIV3Schema: + description: Storage provides a means to configure an operator to manage the + cluster storage operator. `cluster` is the canonical name. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + managementState: + description: managementState indicates whether and how the operator + should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml index 2ee6184f60..7c14492ab6 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml @@ -1,7 +1,8 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - creationTimestamp: null + annotations: + include.release.openshift.io/self-managed-high-availability: "true" name: ingresscontrollers.operator.openshift.io spec: group: operator.openshift.io @@ -10,861 +11,1024 @@ spec: listKind: IngressControllerList plural: ingresscontrollers singular: ingresscontroller - preserveUnknownFields: false - scope: "" - subresources: - scale: - labelSelectorPath: .status.selector - specReplicasPath: .spec.replicas - statusReplicasPath: .status.availableReplicas - status: {} - validation: - openAPIV3Schema: - description: "IngressController describes a managed ingress controller for the - cluster. The controller can service OpenShift Route and Kubernetes Ingress - resources. \n When an IngressController is created, a new ingress controller - deployment is created to allow external traffic to reach the services that - expose Ingress or Route resources. Updating this resource may lead to disruption - for public facing network connections as a new ingress controller revision - may be rolled out. \n https://kubernetes.io/docs/concepts/services-networking/ingress-controllers - \n Whenever possible, sensible defaults for the platform are used. See each - field for more details." - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the IngressController. - properties: - defaultCertificate: - description: "defaultCertificate is a reference to a secret containing - the default certificate served by the ingress controller. When Routes - don't specify their own certificate, defaultCertificate is used. \n - The secret must contain the following keys and data: \n tls.crt: - certificate file contents tls.key: key file contents \n If unset, - a wildcard certificate is automatically generated and used. The certificate - is valid for the ingress controller domain (and subdomains) and the - generated certificate's CA will be automatically integrated with the - cluster's trust store. \n The in-use certificate (whether generated - or user-specified) will be automatically integrated with OpenShift's - built-in OAuth server." - properties: - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Add other useful fields. apiVersion, kind, uid?' - type: string - type: object - domain: - description: "domain is a DNS name serviced by the ingress controller - and is used to configure multiple features: \n * For the LoadBalancerService - endpoint publishing strategy, domain is used to configure DNS records. - See endpointPublishingStrategy. \n * When using a generated default - certificate, the certificate will be valid for domain and its subdomains. - See defaultCertificate. \n * The value is published to individual - Route statuses so that end-users know where to target external DNS - records. \n domain must be unique among all IngressControllers, and - cannot be updated. \n If empty, defaults to ingress.config.openshift.io/cluster - .spec.domain." - type: string - endpointPublishingStrategy: - description: "endpointPublishingStrategy is used to publish the ingress - controller endpoints to other networks, enable load balancer integrations, - etc. \n If unset, the default is based on infrastructure.config.openshift.io/cluster - .status.platform: \n AWS: LoadBalancerService (with External - scope) Azure: LoadBalancerService (with External scope) GCP: - \ LoadBalancerService (with External scope) IBMCloud: LoadBalancerService - (with External scope) Libvirt: HostNetwork \n Any other platform - types (including None) default to HostNetwork. \n endpointPublishingStrategy - cannot be updated." - properties: - hostNetwork: - description: hostNetwork holds parameters for the HostNetwork endpoint - publishing strategy. Present only if type is HostNetwork. - type: object - loadBalancer: - description: loadBalancer holds parameters for the load balancer. - Present only if type is LoadBalancerService. - properties: - providerParameters: - description: "providerParameters holds desired load balancer - information specific to the underlying infrastructure provider. - \n If empty, defaults will be applied. See specific providerParameters - fields for details about their defaults." - properties: - aws: - description: "aws provides configuration settings that are - specific to AWS load balancers. \n If empty, defaults - will be applied. See specific aws fields for details about - their defaults." + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "IngressController describes a managed ingress controller for + the cluster. The controller can service OpenShift Route and Kubernetes Ingress + resources. \n When an IngressController is created, a new ingress controller + deployment is created to allow external traffic to reach the services that + expose Ingress or Route resources. Updating this resource may lead to disruption + for public facing network connections as a new ingress controller revision + may be rolled out. \n https://kubernetes.io/docs/concepts/services-networking/ingress-controllers + \n Whenever possible, sensible defaults for the platform are used. See each + field for more details." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + IngressController. + properties: + defaultCertificate: + description: "defaultCertificate is a reference to a secret containing + the default certificate served by the ingress controller. When Routes + don't specify their own certificate, defaultCertificate is used. + \n The secret must contain the following keys and data: \n tls.crt: + certificate file contents tls.key: key file contents \n If unset, + a wildcard certificate is automatically generated and used. The + certificate is valid for the ingress controller domain (and subdomains) + and the generated certificate's CA will be automatically integrated + with the cluster's trust store. \n If a wildcard certificate is + used and shared by multiple HTTP/2 enabled routes (which implies + ALPN) then clients (i.e., notably browsers) are at liberty to reuse + open connections. This means a client can reuse a connection to + another route and that is likely to fail. This behaviour is generally + known as connection coalescing. \n The in-use certificate (whether + generated or user-specified) will be automatically integrated with + OpenShift's built-in OAuth server." + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + domain: + description: "domain is a DNS name serviced by the ingress controller + and is used to configure multiple features: \n * For the LoadBalancerService + endpoint publishing strategy, domain is used to configure DNS + records. See endpointPublishingStrategy. \n * When using a generated + default certificate, the certificate will be valid for domain + and its subdomains. See defaultCertificate. \n * The value is published + to individual Route statuses so that end-users know where to target + external DNS records. \n domain must be unique among all IngressControllers, + and cannot be updated. \n If empty, defaults to ingress.config.openshift.io/cluster + .spec.domain." + type: string + endpointPublishingStrategy: + description: "endpointPublishingStrategy is used to publish the ingress + controller endpoints to other networks, enable load balancer integrations, + etc. \n If unset, the default is based on infrastructure.config.openshift.io/cluster + .status.platform: \n AWS: LoadBalancerService (with External + scope) Azure: LoadBalancerService (with External scope) GCP: + \ LoadBalancerService (with External scope) IBMCloud: LoadBalancerService + (with External scope) Libvirt: HostNetwork \n Any other platform + types (including None) default to HostNetwork. \n endpointPublishingStrategy + cannot be updated." + properties: + hostNetwork: + description: hostNetwork holds parameters for the HostNetwork + endpoint publishing strategy. Present only if type is HostNetwork. + type: object + loadBalancer: + description: loadBalancer holds parameters for the load balancer. + Present only if type is LoadBalancerService. + properties: + providerParameters: + description: "providerParameters holds desired load balancer + information specific to the underlying infrastructure provider. + \n If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults." + properties: + aws: + description: "aws provides configuration settings that + are specific to AWS load balancers. \n If empty, defaults + will be applied. See specific aws fields for details + about their defaults." + properties: + classicLoadBalancer: + description: classicLoadBalancerParameters holds configuration + parameters for an AWS classic load balancer. Present + only if type is Classic. + type: object + networkLoadBalancer: + description: networkLoadBalancerParameters holds configuration + parameters for an AWS network load balancer. Present + only if type is NLB. + type: object + type: + description: "type is the type of AWS load balancer + to instantiate for an ingresscontroller. \n Valid + values are: \n * \"Classic\": A Classic Load Balancer + that makes routing decisions at either the transport + layer (TCP/SSL) or the application layer (HTTP/HTTPS). + See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + \n * \"NLB\": A Network Load Balancer that makes + routing decisions at the transport layer (TCP/SSL). + See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" + enum: + - Classic + - NLB + type: string + required: + - type + type: object + type: + description: type is the underlying infrastructure provider + for the load balancer. Allowed values are "AWS", "Azure", + "BareMetal", "GCP", "OpenStack", and "VSphere". + enum: + - AWS + - Azure + - BareMetal + - GCP + - OpenStack + - VSphere + - IBM + type: string + required: + - type + type: object + scope: + description: scope indicates the scope at which the load balancer + is exposed. Possible values are "External" and "Internal". + enum: + - Internal + - External + type: string + required: + - scope + type: object + nodePort: + description: nodePort holds parameters for the NodePortService + endpoint publishing strategy. Present only if type is NodePortService. + type: object + private: + description: private holds parameters for the Private endpoint + publishing strategy. Present only if type is Private. + type: object + type: + description: "type is the publishing strategy to use. Valid values + are: \n * LoadBalancerService \n Publishes the ingress controller + using a Kubernetes LoadBalancer Service. \n In this configuration, + the ingress controller deployment uses container networking. + A LoadBalancer Service is created to publish the deployment. + \n See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + \n If domain is set, a wildcard DNS record will be managed to + point at the LoadBalancer Service's external name. DNS records + are managed only in DNS zones defined by dns.config.openshift.io/cluster + .spec.publicZone and .spec.privateZone. \n Wildcard DNS management + is currently supported only on the AWS, Azure, and GCP platforms. + \n * HostNetwork \n Publishes the ingress controller on node + ports where the ingress controller is deployed. \n In this configuration, + the ingress controller deployment uses host networking, bound + to node ports 80 and 443. The user is responsible for configuring + an external load balancer to publish the ingress controller + via the node ports. \n * Private \n Does not publish the ingress + controller. \n In this configuration, the ingress controller + deployment uses container networking, and is not explicitly + published. The user must manually publish the ingress controller. + \n * NodePortService \n Publishes the ingress controller using + a Kubernetes NodePort Service. \n In this configuration, the + ingress controller deployment uses container networking. A NodePort + Service is created to publish the deployment. The specific node + ports are dynamically allocated by OpenShift; however, to support + static port allocations, user changes to the node port field + of the managed NodePort Service will preserved." + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService + type: string + required: + - type + type: object + httpHeaders: + description: "httpHeaders defines policy for HTTP headers. \n If this + field is empty, the default values are used." + properties: + forwardedHeaderPolicy: + description: "forwardedHeaderPolicy specifies when and how the + IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, + X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version + HTTP headers. The value may be one of the following: \n * \"Append\", + which specifies that the IngressController appends the headers, + preserving existing headers. \n * \"Replace\", which specifies + that the IngressController sets the headers, replacing any + existing Forwarded or X-Forwarded-* headers. \n * \"IfNone\", + which specifies that the IngressController sets the headers + if they are not already set. \n * \"Never\", which specifies + that the IngressController never sets the headers, preserving + any existing headers. \n By default, the policy is \"Append\"." + enum: + - Append + - Replace + - IfNone + - Never + type: string + uniqueId: + description: "uniqueId describes configuration for a custom HTTP + header that the ingress controller should inject into incoming + HTTP requests. Typically, this header is configured to have + a value that is unique to the HTTP request. The header can + be used by applications or included in access logs to facilitate + tracing individual HTTP requests. \n If this field is empty, + no such header is injected into requests." + properties: + format: + description: 'format specifies the format for the injected + HTTP header''s value. This field has no effect unless name + is specified. For the HAProxy-based ingress controller + implementation, this format uses the same syntax as the + HTTP log format. If the field is empty, the default value + is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the corresponding + HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3' + maxLength: 1024 + minLength: 0 + pattern: ^(%(%|(\{[-+]?[QXE](,[-+]?[QXE])*\})?([A-Za-z]+|\[[.0-9A-Z_a-z]+(\([^)]+\))?(,[.0-9A-Z_a-z]+(\([^)]+\))?)*\]))|[^%[:cntrl:]])*$ + type: string + name: + description: name specifies the name of the HTTP header (for + example, "unique-id") that the ingress controller should + inject into HTTP requests. The field's value must be a + valid HTTP header name as defined in RFC 2616 section 4.2. If + the field is empty, no header is injected. + maxLength: 1024 + minLength: 0 + pattern: ^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + type: object + type: object + logging: + description: logging defines parameters for what should be logged + where. If this field is empty, operational logs are enabled but + access logs are disabled. + properties: + access: + description: "access describes how the client requests should + be logged. \n If this field is empty, access logging is disabled." + properties: + destination: + description: destination is where access logs go. + properties: + container: + description: container holds parameters for the Container + logging destination. Present only if type is Container. + type: object + syslog: + description: syslog holds parameters for a syslog endpoint. Present + only if type is Syslog. + oneOf: + - properties: + address: + format: ipv4 + - properties: + address: + format: ipv6 + properties: + address: + description: address is the IP address of the syslog + endpoint that receives log messages. + type: string + facility: + description: "facility specifies the syslog facility + of log messages. \n If this field is empty, the + facility is \"local1\"." + enum: + - kern + - user + - mail + - daemon + - auth + - syslog + - lpr + - news + - uucp + - cron + - auth2 + - ftp + - ntp + - audit + - alert + - cron2 + - local0 + - local1 + - local2 + - local3 + - local4 + - local5 + - local6 + - local7 + type: string + port: + description: port is the UDP port number of the syslog + endpoint that receives log messages. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - address + - port + type: object + type: + description: "type is the type of destination for logs. + \ It must be one of the following: \n * Container \n + The ingress operator configures the sidecar container + named \"logs\" on the ingress controller pod and configures + the ingress controller to write logs to the sidecar. + \ The logs are then available as container logs. The + expectation is that the administrator configures a custom + logging solution that reads logs from this sidecar. + \ Note that using container logs means that logs may + be dropped if the rate of logs exceeds the container + runtime's or the custom logging solution's capacity. + \n * Syslog \n Logs are sent to a syslog endpoint. The + administrator must specify an endpoint that can receive + syslog messages. The expectation is that the administrator + has configured a custom syslog instance." + enum: + - Container + - Syslog + type: string + required: + - type + type: object + httpCaptureCookies: + description: httpCaptureCookies specifies HTTP cookies that + should be captured in access logs. If this field is empty, + no cookies are captured. + items: + description: IngressControllerCaptureHTTPCookie describes + an HTTP cookie that should be captured. properties: - classicLoadBalancer: - description: classicLoadBalancerParameters holds configuration - parameters for an AWS classic load balancer. Present - only if type is Classic. - type: object - networkLoadBalancer: - description: networkLoadBalancerParameters holds configuration - parameters for an AWS network load balancer. Present - only if type is NLB. - type: object - type: - description: "type is the type of AWS load balancer - to instantiate for an ingresscontroller. \n Valid - values are: \n * \"Classic\": A Classic Load Balancer - that makes routing decisions at either the transport - layer (TCP/SSL) or the application layer (HTTP/HTTPS). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - \n * \"NLB\": A Network Load Balancer that makes routing - decisions at the transport layer (TCP/SSL). See - the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" + matchType: + description: matchType specifies the type of match to + be performed on the cookie name. Allowed values are + "Exact" for an exact string match and "Prefix" for + a string prefix match. If "Exact" is specified, a + name must be specified in the name field. If "Prefix" + is provided, a prefix must be specified in the namePrefix + field. For example, specifying matchType "Prefix" + and namePrefix "foo" will capture a cookie named "foo" + or "foobar" but not one named "bar". The first matching + cookie is captured. enum: - - Classic - - NLB + - Exact + - Prefix + type: string + maxLength: + description: maxLength specifies a maximum length of + the string that will be logged, which includes the + cookie name, cookie value, and one-character delimiter. If + the log entry exceeds this length, the value will + be truncated in the log message. Note that the ingress + controller may impose a separate bound on the total + length of HTTP headers in a request. + maximum: 1024 + minimum: 1 + type: integer + name: + description: name specifies a cookie name. Its value + must be a valid HTTP cookie name as defined in RFC + 6265 section 4.1. + maxLength: 1024 + minLength: 0 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ + type: string + namePrefix: + description: namePrefix specifies a cookie name prefix. Its + value must be a valid HTTP cookie name as defined + in RFC 6265 section 4.1. + maxLength: 1024 + minLength: 0 + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$ type: string required: - - type + - matchType + - maxLength type: object - type: - description: type is the underlying infrastructure provider - for the load balancer. Allowed values are "AWS", "Azure", - "BareMetal", "GCP", "OpenStack", and "VSphere". - enum: - - AWS - - Azure - - BareMetal - - GCP - - OpenStack - - VSphere + maxItems: 1 + nullable: true + type: array + httpCaptureHeaders: + description: "httpCaptureHeaders defines HTTP headers that + should be captured in access logs. If this field is empty, + no headers are captured. \n Note that this option only applies + to cleartext HTTP connections and to secure HTTP connections + for which the ingress controller terminates encryption (that + is, edge-terminated or reencrypt connections). Headers + cannot be captured for TLS passthrough connections." + properties: + request: + description: "request specifies which HTTP request headers + to capture. \n If this field is empty, no request headers + are captured." + items: + description: IngressControllerCaptureHTTPHeader describes + an HTTP header that should be captured. + properties: + maxLength: + description: maxLength specifies a maximum length + for the header value. If a header value exceeds + this length, the value will be truncated in the + log message. Note that the ingress controller + may impose a separate bound on the total length + of HTTP headers in a request. + minimum: 1 + type: integer + name: + description: name specifies a header name. Its + value must be a valid HTTP header name as defined + in RFC 2616 section 4.2. + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + required: + - maxLength + - name + type: object + nullable: true + type: array + response: + description: "response specifies which HTTP response headers + to capture. \n If this field is empty, no response headers + are captured." + items: + description: IngressControllerCaptureHTTPHeader describes + an HTTP header that should be captured. + properties: + maxLength: + description: maxLength specifies a maximum length + for the header value. If a header value exceeds + this length, the value will be truncated in the + log message. Note that the ingress controller + may impose a separate bound on the total length + of HTTP headers in a request. + minimum: 1 + type: integer + name: + description: name specifies a header name. Its + value must be a valid HTTP header name as defined + in RFC 2616 section 4.2. + pattern: ^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$ + type: string + required: + - maxLength + - name + type: object + nullable: true + type: array + type: object + httpLogFormat: + description: "httpLogFormat specifies the format of the log + message for an HTTP request. \n If this field is empty, + log messages use the implementation's default HTTP log format. + \ For HAProxy's default HTTP log format, see the HAProxy + documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + \n Note that this format only applies to cleartext HTTP + connections and to secure HTTP connections for which the + ingress controller terminates encryption (that is, edge-terminated + or reencrypt connections). It does not affect the log format + for TLS passthrough connections." + type: string + required: + - destination + type: object + type: object + namespaceSelector: + description: "namespaceSelector is used to filter the set of namespaces + serviced by the ingress controller. This is useful for implementing + shards. \n If unset, the default is no filtering." + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array required: - - type + - key + - operator type: object - scope: - description: scope indicates the scope at which the load balancer - is exposed. Possible values are "External" and "Internal". - enum: - - Internal - - External + type: array + matchLabels: + additionalProperties: type: string - required: - - scope - type: object - nodePort: - description: nodePort holds parameters for the NodePortService endpoint - publishing strategy. Present only if type is NodePortService. - type: object - private: - description: private holds parameters for the Private endpoint publishing - strategy. Present only if type is Private. - type: object - type: - description: "type is the publishing strategy to use. Valid values - are: \n * LoadBalancerService \n Publishes the ingress controller - using a Kubernetes LoadBalancer Service. \n In this configuration, - the ingress controller deployment uses container networking. A - LoadBalancer Service is created to publish the deployment. \n - See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - \n If domain is set, a wildcard DNS record will be managed to - point at the LoadBalancer Service's external name. DNS records - are managed only in DNS zones defined by dns.config.openshift.io/cluster - .spec.publicZone and .spec.privateZone. \n Wildcard DNS management - is currently supported only on the AWS, Azure, and GCP platforms. - \n * HostNetwork \n Publishes the ingress controller on node ports - where the ingress controller is deployed. \n In this configuration, - the ingress controller deployment uses host networking, bound - to node ports 80 and 443. The user is responsible for configuring - an external load balancer to publish the ingress controller via - the node ports. \n * Private \n Does not publish the ingress controller. - \n In this configuration, the ingress controller deployment uses - container networking, and is not explicitly published. The user - must manually publish the ingress controller. \n * NodePortService - \n Publishes the ingress controller using a Kubernetes NodePort - Service. \n In this configuration, the ingress controller deployment - uses container networking. A NodePort Service is created to publish - the deployment. The specific node ports are dynamically allocated - by OpenShift; however, to support static port allocations, user - changes to the node port field of the managed NodePort Service - will preserved." - enum: - - LoadBalancerService - - HostNetwork - - Private - - NodePortService - type: string - required: - - type - type: object - httpHeaders: - description: "httpHeaders defines policy for HTTP headers. \n If this - field is empty, the default values are used." - properties: - forwardedHeaderPolicy: - description: "forwardedHeaderPolicy specifies when and how the IngressController - sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, - X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. - \ The value may be one of the following: \n * \"Append\", which - specifies that the IngressController appends the headers, preserving - existing headers. \n * \"Replace\", which specifies that the IngressController - sets the headers, replacing any existing Forwarded or X-Forwarded-* - headers. \n * \"IfNone\", which specifies that the IngressController - sets the headers if they are not already set. \n * \"Never\", - which specifies that the IngressController never sets the headers, - preserving any existing headers. \n By default, the policy is - \"Append\"." - enum: - - Append - - Replace - - IfNone - - Never - type: string - type: object - logging: - description: logging defines parameters for what should be logged where. If - this field is empty, operational logs are enabled but access logs - are disabled. - properties: - access: - description: "access describes how the client requests should be - logged. \n If this field is empty, access logging is disabled." - properties: - destination: - description: destination is where access logs go. - properties: - container: - description: container holds parameters for the Container - logging destination. Present only if type is Container. - type: object - syslog: - description: syslog holds parameters for a syslog endpoint. Present - only if type is Syslog. - oneOf: - - properties: - address: - format: ipv4 - - properties: - address: - format: ipv6 + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + nodePlacement: + description: "nodePlacement enables explicit control over the scheduling + of the ingress controller. \n If unset, defaults are used. See NodePlacement + for more details." + properties: + nodeSelector: + description: "nodeSelector is the node selector applied to ingress + controller deployments. \n If unset, the default is: \n beta.kubernetes.io/os: + linux node-role.kubernetes.io/worker: '' \n If set, the specified + selector is used and replaces the default." + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. properties: - address: - description: address is the IP address of the syslog - endpoint that receives log messages. + key: + description: key is the label key that the selector + applies to. type: string - facility: - description: "facility specifies the syslog facility - of log messages. \n If this field is empty, the facility - is \"local1\"." - enum: - - kern - - user - - mail - - daemon - - auth - - syslog - - lpr - - news - - uucp - - cron - - auth2 - - ftp - - ntp - - audit - - alert - - cron2 - - local0 - - local1 - - local2 - - local3 - - local4 - - local5 - - local6 - - local7 + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. type: string - port: - description: port is the UDP port number of the syslog - endpoint that receives log messages. - format: int32 - maximum: 65535 - minimum: 1 - type: integer + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array required: - - address - - port + - key + - operator type: object - type: - description: "type is the type of destination for logs. - \ It must be one of the following: \n * Container \n The - ingress operator configures the sidecar container named - \"logs\" on the ingress controller pod and configures - the ingress controller to write logs to the sidecar. The - logs are then available as container logs. The expectation - is that the administrator configures a custom logging - solution that reads logs from this sidecar. Note that - using container logs means that logs may be dropped if - the rate of logs exceeds the container runtime's or the - custom logging solution's capacity. \n * Syslog \n Logs - are sent to a syslog endpoint. The administrator must - specify an endpoint that can receive syslog messages. - \ The expectation is that the administrator has configured - a custom syslog instance." - enum: - - Container - - Syslog + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + tolerations: + description: "tolerations is a list of tolerations applied to + ingress controller deployments. \n The default is an empty list. + \n See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/" + items: + description: The pod this Toleration is attached to tolerates + any taint that matches the triple using + the matching operator . + properties: + effect: + description: Effect indicates the taint effect to match. + Empty means match all taint effects. When specified, allowed + values are NoSchedule, PreferNoSchedule and NoExecute. type: string + key: + description: Key is the taint key that the toleration applies + to. Empty means match all taint keys. If the key is empty, + operator must be Exists; this combination means to match + all values and all keys. + type: string + operator: + description: Operator represents a key's relationship to + the value. Valid operators are Exists and Equal. Defaults + to Equal. Exists is equivalent to wildcard for value, + so that a pod can tolerate all taints of a particular + category. + type: string + tolerationSeconds: + description: TolerationSeconds represents the period of + time the toleration (which must be of effect NoExecute, + otherwise this field is ignored) tolerates the taint. + By default, it is not set, which means tolerate the taint + forever (do not evict). Zero and negative values will + be treated as 0 (evict immediately) by the system. + format: int64 + type: integer + value: + description: Value is the taint value the toleration matches + to. If the operator is Exists, the value should be empty, + otherwise just a regular string. + type: string + type: object + type: array + type: object + replicas: + description: replicas is the desired number of ingress controller + replicas. If unset, defaults to 2. + format: int32 + type: integer + routeAdmission: + description: "routeAdmission defines a policy for handling new route + claims (for example, to allow or deny claims across namespaces). + \n If empty, defaults will be applied. See specific routeAdmission + fields for details about their defaults." + properties: + namespaceOwnership: + description: "namespaceOwnership describes how host name claims + across namespaces should be handled. \n Value must be one of: + \n - Strict: Do not allow routes in different namespaces to + claim the same host. \n - InterNamespaceAllowed: Allow routes + to claim different paths of the same host name across namespaces. + \n If empty, the default is Strict." + enum: + - InterNamespaceAllowed + - Strict + type: string + wildcardPolicy: + description: "wildcardPolicy describes how routes with wildcard + policies should be handled for the ingress controller. WildcardPolicy + controls use of routes [1] exposed by the ingress controller + based on the route's wildcard policy. \n [1] https://github.com/openshift/api/blob/master/route/v1/types.go + \n Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed + will cause admitted routes with a wildcard policy of Subdomain + to stop working. These routes must be updated to a wildcard + policy of None to be readmitted by the ingress controller. \n + WildcardPolicy supports WildcardsAllowed and WildcardsDisallowed + values. \n If empty, defaults to \"WildcardsDisallowed\"." + enum: + - WildcardsAllowed + - WildcardsDisallowed + type: string + type: object + routeSelector: + description: "routeSelector is used to filter the set of Routes serviced + by the ingress controller. This is useful for implementing shards. + \n If unset, the default is no filtering." + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array required: - - type + - key + - operator type: object - httpLogFormat: - description: "httpLogFormat specifies the format of the log - message for an HTTP request. \n If this field is empty, log - messages use the implementation's default HTTP log format. - \ For HAProxy's default HTTP log format, see the HAProxy documentation: - http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3" + type: array + matchLabels: + additionalProperties: type: string - required: - - destination - type: object - type: object - namespaceSelector: - description: "namespaceSelector is used to filter the set of namespaces - serviced by the ingress controller. This is useful for implementing - shards. \n If unset, the default is no filtering." - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + tlsSecurityProfile: + description: "tlsSecurityProfile specifies settings for TLS connections + for ingresscontrollers. \n If unset, the default is based on the + apiservers.config.openshift.io/cluster resource. \n Note that when + using the Old, Intermediate, and Modern profile types, the effective + profile configuration is subject to change between releases. For + example, given a specification to use the Intermediate profile deployed + on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new + profile configuration to be applied to the ingress controller, resulting + in a rollout. \n Note that the minimum TLS version for ingress controllers + is 1.1, and the maximum TLS version is 1.2. An implication of this + restriction is that the Modern TLS profile type cannot be used because + it requires TLS 1.3." + properties: + custom: + description: "custom is a user-defined TLS security profile. Be + extremely careful using a custom profile as invalid configurations + can be catastrophic. An example custom profile looks like this: + \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + \ - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 + \ minTLSVersion: TLSv1.1" + nullable: true properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. + ciphers: + description: "ciphers is used to specify the cipher algorithms + that are negotiated during the TLS handshake. Operators + may remove entries their operands do not support. For example, + to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" items: type: string type: array - required: - - key - - operator + minTLSVersion: + description: "minTLSVersion is used to specify the minimal + version of the TLS protocol that is negotiated during the + TLS handshake. For example, to use TLS versions 1.1, 1.2 + and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently + the highest minTLSVersion allowed is VersionTLS12" + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string type: object - type: array - matchLabels: - additionalProperties: + intermediate: + description: "intermediate is a TLS security profile based on: + \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + \ minTLSVersion: TLSv1.2" + nullable: true + type: object + modern: + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + \ minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." + nullable: true + type: object + old: + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + \ - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 + \ - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA + \ - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 + \ - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA + \ - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - + DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 + \ - AES128-SHA256 - AES256-SHA256 - AES128-SHA - + AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" + nullable: true + type: object + type: + description: "type is one of Old, Intermediate, Modern or Custom. + Custom provides the ability to specify individual TLS security + profile parameters. Old, Intermediate and Modern are TLS security + profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + \n The profiles are intent based, so they may change over time + as new ciphers are developed and existing ciphers are found + to be insecure. Depending on precisely which ciphers are available + to a process, the list may be reduced. \n Note that the Modern + profile is currently not supported because it is not yet well + adopted by common software libraries." + enum: + - Old + - Intermediate + - Modern + - Custom type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - nodePlacement: - description: "nodePlacement enables explicit control over the scheduling - of the ingress controller. \n If unset, defaults are used. See NodePlacement - for more details." - properties: - nodeSelector: - description: "nodeSelector is the node selector applied to ingress - controller deployments. \n If unset, the default is: \n beta.kubernetes.io/os: - linux node-role.kubernetes.io/worker: '' \n If set, the specified - selector is used and replaces the default." + type: object + type: object + status: + description: status is the most recently observed status of the IngressController. + properties: + availableReplicas: + description: availableReplicas is number of observed available replicas + according to the ingress controller deployment. + format: int32 + type: integer + conditions: + description: "conditions is a list of conditions and their status. + \n Available means the ingress controller deployment is available + and servicing route and ingress resources (i.e, .status.availableReplicas + equals .spec.replicas) \n There are additional conditions which + indicate the status of other ingress controller features and capabilities. + \n * LoadBalancerManaged - True if the following conditions + are met: * The endpoint publishing strategy requires a service + load balancer. - False if any of those conditions are unsatisfied. + \n * LoadBalancerReady - True if the following conditions are + met: * A load balancer is managed. * The load balancer is + ready. - False if any of those conditions are unsatisfied. \n + \ * DNSManaged - True if the following conditions are met: * + The endpoint publishing strategy and platform support DNS. * + The ingress controller domain is set. * dns.config.openshift.io/cluster + configures DNS zones. - False if any of those conditions are unsatisfied. + \n * DNSReady - True if the following conditions are met: * + DNS is managed. * DNS records have been successfully created. + \ - False if any of those conditions are unsatisfied." + items: + description: OperatorCondition is just the standard condition fields. properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + domain: + description: domain is the actual domain in use. + type: string + endpointPublishingStrategy: + description: endpointPublishingStrategy is the actual strategy in + use. + properties: + hostNetwork: + description: hostNetwork holds parameters for the HostNetwork + endpoint publishing strategy. Present only if type is HostNetwork. + type: object + loadBalancer: + description: loadBalancer holds parameters for the load balancer. + Present only if type is LoadBalancerService. + properties: + providerParameters: + description: "providerParameters holds desired load balancer + information specific to the underlying infrastructure provider. + \n If empty, defaults will be applied. See specific providerParameters + fields for details about their defaults." properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + aws: + description: "aws provides configuration settings that + are specific to AWS load balancers. \n If empty, defaults + will be applied. See specific aws fields for details + about their defaults." + properties: + classicLoadBalancer: + description: classicLoadBalancerParameters holds configuration + parameters for an AWS classic load balancer. Present + only if type is Classic. + type: object + networkLoadBalancer: + description: networkLoadBalancerParameters holds configuration + parameters for an AWS network load balancer. Present + only if type is NLB. + type: object + type: + description: "type is the type of AWS load balancer + to instantiate for an ingresscontroller. \n Valid + values are: \n * \"Classic\": A Classic Load Balancer + that makes routing decisions at either the transport + layer (TCP/SSL) or the application layer (HTTP/HTTPS). + See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb + \n * \"NLB\": A Network Load Balancer that makes + routing decisions at the transport layer (TCP/SSL). + See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" + enum: + - Classic + - NLB + type: string + required: + - type + type: object + type: + description: type is the underlying infrastructure provider + for the load balancer. Allowed values are "AWS", "Azure", + "BareMetal", "GCP", "OpenStack", and "VSphere". + enum: + - AWS + - Azure + - BareMetal + - GCP + - OpenStack + - VSphere + - IBM type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: - type: string - type: array required: - - key - - operator + - type type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - tolerations: - description: "tolerations is a list of tolerations applied to ingress - controller deployments. \n The default is an empty list. \n See - https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/" - items: - description: The pod this Toleration is attached to tolerates - any taint that matches the triple using the - matching operator . - properties: - effect: - description: Effect indicates the taint effect to match. Empty - means match all taint effects. When specified, allowed values - are NoSchedule, PreferNoSchedule and NoExecute. - type: string - key: - description: Key is the taint key that the toleration applies - to. Empty means match all taint keys. If the key is empty, - operator must be Exists; this combination means to match - all values and all keys. - type: string - operator: - description: Operator represents a key's relationship to the - value. Valid operators are Exists and Equal. Defaults to - Equal. Exists is equivalent to wildcard for value, so that - a pod can tolerate all taints of a particular category. - type: string - tolerationSeconds: - description: TolerationSeconds represents the period of time - the toleration (which must be of effect NoExecute, otherwise - this field is ignored) tolerates the taint. By default, - it is not set, which means tolerate the taint forever (do - not evict). Zero and negative values will be treated as - 0 (evict immediately) by the system. - format: int64 - type: integer - value: - description: Value is the taint value the toleration matches - to. If the operator is Exists, the value should be empty, - otherwise just a regular string. + scope: + description: scope indicates the scope at which the load balancer + is exposed. Possible values are "External" and "Internal". + enum: + - Internal + - External type: string - type: object - type: array - type: object - replicas: - description: replicas is the desired number of ingress controller replicas. - If unset, defaults to 2. - format: int32 - type: integer - routeAdmission: - description: "routeAdmission defines a policy for handling new route - claims (for example, to allow or deny claims across namespaces). \n - If empty, defaults will be applied. See specific routeAdmission fields - for details about their defaults." - properties: - namespaceOwnership: - description: "namespaceOwnership describes how host name claims - across namespaces should be handled. \n Value must be one of: - \n - Strict: Do not allow routes in different namespaces to claim - the same host. \n - InterNamespaceAllowed: Allow routes to claim - different paths of the same host name across namespaces. \n - If empty, the default is Strict." - enum: - - InterNamespaceAllowed - - Strict - type: string - wildcardPolicy: - description: "wildcardPolicy describes how routes with wildcard - policies should be handled for the ingress controller. WildcardPolicy - controls use of routes [1] exposed by the ingress controller based - on the route's wildcard policy. \n [1] https://github.com/openshift/api/blob/master/route/v1/types.go - \n Note: Updating WildcardPolicy from WildcardsAllowed to WildcardsDisallowed - will cause admitted routes with a wildcard policy of Subdomain - to stop working. These routes must be updated to a wildcard policy - of None to be readmitted by the ingress controller. \n WildcardPolicy - supports WildcardsAllowed and WildcardsDisallowed values. \n If - empty, defaults to \"WildcardsDisallowed\"." - enum: - - WildcardsAllowed - - WildcardsDisallowed - type: string - type: object - routeSelector: - description: "routeSelector is used to filter the set of Routes serviced - by the ingress controller. This is useful for implementing shards. - \n If unset, the default is no filtering." - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - items: - type: string - type: array required: - - key - - operator + - scope + type: object + nodePort: + description: nodePort holds parameters for the NodePortService + endpoint publishing strategy. Present only if type is NodePortService. + type: object + private: + description: private holds parameters for the Private endpoint + publishing strategy. Present only if type is Private. type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections - for ingresscontrollers. \n If unset, the default is based on the apiservers.config.openshift.io/cluster - resource. \n Note that when using the Old, Intermediate, and Modern - profile types, the effective profile configuration is subject to change - between releases. For example, given a specification to use the Intermediate - profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may - cause a new profile configuration to be applied to the ingress controller, - resulting in a rollout. \n Note that the minimum TLS version for ingress - controllers is 1.1, and the maximum TLS version is 1.2. An implication - of this restriction is that the Modern TLS profile type cannot be - used because it requires TLS 1.3." - properties: - custom: - description: "custom is a user-defined TLS security profile. Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. An example custom profile looks like this: - \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - \ minTLSVersion: TLSv1.1" - nullable: true - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators may - remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - items: - type: string - type: array - minTLSVersion: - description: "minTLSVersion is used to specify the minimal version - of the TLS protocol that is negotiated during the TLS handshake. - For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): - \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest - minTLSVersion allowed is VersionTLS12" - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: "intermediate is a TLS security profile based on: \n - https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - \ minTLSVersion: TLSv1.2" - nullable: true - type: object - modern: - description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." - nullable: true - type: object - old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - \ - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - \ - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 - \ - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - - DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - \ - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 - \ - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: - TLSv1.0" - nullable: true - type: object - type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found to - be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." - enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - type: object - status: - description: status is the most recently observed status of the IngressController. - properties: - availableReplicas: - description: availableReplicas is number of observed available replicas - according to the ingress controller deployment. - format: int32 - type: integer - conditions: - description: "conditions is a list of conditions and their status. \n - Available means the ingress controller deployment is available and - servicing route and ingress resources (i.e, .status.availableReplicas - equals .spec.replicas) \n There are additional conditions which indicate - the status of other ingress controller features and capabilities. - \n * LoadBalancerManaged - True if the following conditions are - met: * The endpoint publishing strategy requires a service load - balancer. - False if any of those conditions are unsatisfied. \n - \ * LoadBalancerReady - True if the following conditions are met: - \ * A load balancer is managed. * The load balancer is ready. - \ - False if any of those conditions are unsatisfied. \n * DNSManaged - \ - True if the following conditions are met: * The endpoint - publishing strategy and platform support DNS. * The ingress controller - domain is set. * dns.config.openshift.io/cluster configures DNS - zones. - False if any of those conditions are unsatisfied. \n * - DNSReady - True if the following conditions are met: * DNS is - managed. * DNS records have been successfully created. - False - if any of those conditions are unsatisfied." - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string type: + description: "type is the publishing strategy to use. Valid values + are: \n * LoadBalancerService \n Publishes the ingress controller + using a Kubernetes LoadBalancer Service. \n In this configuration, + the ingress controller deployment uses container networking. + A LoadBalancer Service is created to publish the deployment. + \n See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + \n If domain is set, a wildcard DNS record will be managed to + point at the LoadBalancer Service's external name. DNS records + are managed only in DNS zones defined by dns.config.openshift.io/cluster + .spec.publicZone and .spec.privateZone. \n Wildcard DNS management + is currently supported only on the AWS, Azure, and GCP platforms. + \n * HostNetwork \n Publishes the ingress controller on node + ports where the ingress controller is deployed. \n In this configuration, + the ingress controller deployment uses host networking, bound + to node ports 80 and 443. The user is responsible for configuring + an external load balancer to publish the ingress controller + via the node ports. \n * Private \n Does not publish the ingress + controller. \n In this configuration, the ingress controller + deployment uses container networking, and is not explicitly + published. The user must manually publish the ingress controller. + \n * NodePortService \n Publishes the ingress controller using + a Kubernetes NodePort Service. \n In this configuration, the + ingress controller deployment uses container networking. A NodePort + Service is created to publish the deployment. The specific node + ports are dynamically allocated by OpenShift; however, to support + static port allocations, user changes to the node port field + of the managed NodePort Service will preserved." + enum: + - LoadBalancerService + - HostNetwork + - Private + - NodePortService type: string + required: + - type type: object - type: array - domain: - description: domain is the actual domain in use. - type: string - endpointPublishingStrategy: - description: endpointPublishingStrategy is the actual strategy in use. - properties: - hostNetwork: - description: hostNetwork holds parameters for the HostNetwork endpoint - publishing strategy. Present only if type is HostNetwork. - type: object - loadBalancer: - description: loadBalancer holds parameters for the load balancer. - Present only if type is LoadBalancerService. - properties: - providerParameters: - description: "providerParameters holds desired load balancer - information specific to the underlying infrastructure provider. - \n If empty, defaults will be applied. See specific providerParameters - fields for details about their defaults." - properties: - aws: - description: "aws provides configuration settings that are - specific to AWS load balancers. \n If empty, defaults - will be applied. See specific aws fields for details about - their defaults." - properties: - classicLoadBalancer: - description: classicLoadBalancerParameters holds configuration - parameters for an AWS classic load balancer. Present - only if type is Classic. - type: object - networkLoadBalancer: - description: networkLoadBalancerParameters holds configuration - parameters for an AWS network load balancer. Present - only if type is NLB. - type: object - type: - description: "type is the type of AWS load balancer - to instantiate for an ingresscontroller. \n Valid - values are: \n * \"Classic\": A Classic Load Balancer - that makes routing decisions at either the transport - layer (TCP/SSL) or the application layer (HTTP/HTTPS). - See the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#clb - \n * \"NLB\": A Network Load Balancer that makes routing - decisions at the transport layer (TCP/SSL). See - the following for additional details: \n https://docs.aws.amazon.com/AmazonECS/latest/developerguide/load-balancer-types.html#nlb" - enum: - - Classic - - NLB - type: string - required: - - type - type: object - type: - description: type is the underlying infrastructure provider - for the load balancer. Allowed values are "AWS", "Azure", - "BareMetal", "GCP", "OpenStack", and "VSphere". - enum: - - AWS - - Azure - - BareMetal - - GCP - - OpenStack - - VSphere - type: string - required: - - type - type: object - scope: - description: scope indicates the scope at which the load balancer - is exposed. Possible values are "External" and "Internal". - enum: - - Internal - - External + observedGeneration: + description: observedGeneration is the most recent generation observed. + format: int64 + type: integer + selector: + description: selector is a label selector, in string format, for ingress + controller pods corresponding to the IngressController. The number + of matching pods should equal the value of availableReplicas. + type: string + tlsProfile: + description: tlsProfile is the TLS connection configuration that is + in effect. + properties: + ciphers: + description: "ciphers is used to specify the cipher algorithms + that are negotiated during the TLS handshake. Operators may + remove entries their operands do not support. For example, + to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" + items: type: string - required: - - scope - type: object - nodePort: - description: nodePort holds parameters for the NodePortService endpoint - publishing strategy. Present only if type is NodePortService. - type: object - private: - description: private holds parameters for the Private endpoint publishing - strategy. Present only if type is Private. - type: object - type: - description: "type is the publishing strategy to use. Valid values - are: \n * LoadBalancerService \n Publishes the ingress controller - using a Kubernetes LoadBalancer Service. \n In this configuration, - the ingress controller deployment uses container networking. A - LoadBalancer Service is created to publish the deployment. \n - See: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer - \n If domain is set, a wildcard DNS record will be managed to - point at the LoadBalancer Service's external name. DNS records - are managed only in DNS zones defined by dns.config.openshift.io/cluster - .spec.publicZone and .spec.privateZone. \n Wildcard DNS management - is currently supported only on the AWS, Azure, and GCP platforms. - \n * HostNetwork \n Publishes the ingress controller on node ports - where the ingress controller is deployed. \n In this configuration, - the ingress controller deployment uses host networking, bound - to node ports 80 and 443. The user is responsible for configuring - an external load balancer to publish the ingress controller via - the node ports. \n * Private \n Does not publish the ingress controller. - \n In this configuration, the ingress controller deployment uses - container networking, and is not explicitly published. The user - must manually publish the ingress controller. \n * NodePortService - \n Publishes the ingress controller using a Kubernetes NodePort - Service. \n In this configuration, the ingress controller deployment - uses container networking. A NodePort Service is created to publish - the deployment. The specific node ports are dynamically allocated - by OpenShift; however, to support static port allocations, user - changes to the node port field of the managed NodePort Service - will preserved." - enum: - - LoadBalancerService - - HostNetwork - - Private - - NodePortService - type: string - required: - - type - type: object - observedGeneration: - description: observedGeneration is the most recent generation observed. - format: int64 - type: integer - selector: - description: selector is a label selector, in string format, for ingress - controller pods corresponding to the IngressController. The number - of matching pods should equal the value of availableReplicas. - type: string - tlsProfile: - description: tlsProfile is the TLS connection configuration that is - in effect. - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms that - are negotiated during the TLS handshake. Operators may remove - entries their operands do not support. For example, to use DES-CBC3-SHA - \ (yaml): \n ciphers: - DES-CBC3-SHA" - items: + type: array + minTLSVersion: + description: "minTLSVersion is used to specify the minimal version + of the TLS protocol that is negotiated during the TLS handshake. + For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n + \ minTLSVersion: TLSv1.1 \n NOTE: currently the highest minTLSVersion + allowed is VersionTLS12" + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 type: string - type: array - minTLSVersion: - description: "minTLSVersion is used to specify the minimal version - of the TLS protocol that is negotiated during the TLS handshake. - For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): \n minTLSVersion: - TLSv1.1 \n NOTE: currently the highest minTLSVersion allowed is - VersionTLS12" - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - type: object - type: object - version: v1 - versions: - - name: v1 + type: object + type: object + type: object served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-merge-patch b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-merge-patch deleted file mode 100644 index 0439275bc3..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-merge-patch +++ /dev/null @@ -1,20 +0,0 @@ -spec: - validation: - openAPIV3Schema: - properties: - spec: - properties: - logging: - properties: - access: - properties: - destination: - properties: - syslog: - oneOf: - - properties: - address: - format: ipv4 - - properties: - address: - format: ipv6 diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-patch new file mode 100644 index 0000000000..6076c3a31b --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml-patch @@ -0,0 +1,9 @@ +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/spec/properties/logging/properties/access/properties/destination/properties/syslog/oneOf + value: + - properties: + address: + format: ipv4 + - properties: + address: + format: ipv6 diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml index c3349ff970..3f9f7b10a5 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_service-ca-operator_02_crd.yaml @@ -1,138 +1,139 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: servicecas.operator.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: scope: Cluster - preserveUnknownFields: false group: operator.openshift.io - version: v1 - names: - kind: ServiceCA - plural: servicecas - singular: serviceca - subresources: - status: {} - validation: - openAPIV3Schema: - description: ServiceCA provides information to configure an operator to manage - the service cert controllers - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. It exists in spec because it is - an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + versions: + - name: v1 + served: true + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: ServiceCA provides information to configure an operator to manage + the service cert controllers + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + logLevel: + description: logLevel is an intent based logging for an overall component. It + does not give fine grained control, but it is a simple way to manage + coarse grained logging choices that operators have to interpret + for their operands. + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml index f738265ee3..0f16866957 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_cluster-network-operator_01_crd.yaml @@ -1,7 +1,9 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: networks.operator.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: operator.openshift.io names: @@ -10,368 +12,374 @@ spec: plural: networks singular: network scope: Cluster - preserveUnknownFields: false versions: - name: v1 served: true storage: true - validation: - # Ensure we will be able to deserialize the object into the golang type - openAPIV3Schema: - description: Network describes the cluster's desired network configuration. - It is consumed by the cluster-network-operator. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: NetworkSpec is the top-level network configuration object. - type: object - properties: - additionalNetworks: - description: additionalNetworks is a list of extra networks to make - available to pods when multiple networks are enabled. - type: array - items: - description: AdditionalNetworkDefinition configures an extra network - that is available but not created by default. Instead, pods must - request them by name. type must be specified, along with exactly - one "Config" that matches the type. + schema: + openAPIV3Schema: + description: Network describes the cluster's desired network configuration. + It is consumed by the cluster-network-operator. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: NetworkSpec is the top-level network configuration object. + type: object + properties: + additionalNetworks: + description: additionalNetworks is a list of extra networks to make + available to pods when multiple networks are enabled. + type: array + items: + description: AdditionalNetworkDefinition configures an extra network + that is available but not created by default. Instead, pods must + request them by name. type must be specified, along with exactly + one "Config" that matches the type. + type: object + properties: + name: + description: name is the name of the network. This will be populated + in the resulting CRD This must be unique. + type: string + namespace: + description: namespace is the namespace of the network. This + will be populated in the resulting CRD If not given the network + will be created in the default namespace. + type: string + rawCNIConfig: + description: rawCNIConfig is the raw CNI configuration json + to create in the NetworkAttachmentDefinition CRD + type: string + simpleMacvlanConfig: + description: SimpleMacvlanConfig configures the macvlan interface + in case of type:NetworkTypeSimpleMacvlan + type: object + properties: + ipamConfig: + description: IPAMConfig configures IPAM module will be used + for IP Address Management (IPAM). + type: object + properties: + staticIPAMConfig: + description: StaticIPAMConfig configures the static + IP address in case of type:IPAMTypeStatic + type: object + properties: + addresses: + description: Addresses configures IP address for + the interface + type: array + items: + description: StaticIPAMAddresses provides IP address + and Gateway for static IPAM addresses + type: object + properties: + address: + description: Address is the IP address in + CIDR format + type: string + gateway: + description: Gateway is IP inside of subnet + to designate as the gateway + type: string + dns: + description: DNS configures DNS for the interface + type: object + properties: + domain: + description: Domain configures the domainname + the local domain used for short hostname lookups + type: string + nameservers: + description: Nameservers points DNS servers + for IP lookup + type: array + items: + type: string + search: + description: Search configures priority ordered + search domains for short hostname lookups + type: array + items: + type: string + routes: + description: Routes configures IP routes for the + interface + type: array + items: + description: StaticIPAMRoutes provides Destination/Gateway + pairs for static IPAM routes + type: object + properties: + destination: + description: Destination points the IP route + destination + type: string + gateway: + description: Gateway is the route's next-hop + IP address If unset, a default gateway is + assumed (as determined by the CNI plugin). + type: string + type: + description: Type is the type of IPAM module will be + used for IP Address Management(IPAM). The supported + values are IPAMTypeDHCP, IPAMTypeStatic + type: string + master: + description: master is the host interface to create the + macvlan interface from. If not specified, it will be default + route interface + type: string + mode: + description: 'mode is the macvlan mode: bridge, private, + vepa, passthru. The default is bridge' + type: string + mtu: + description: mtu is the mtu to use for the macvlan interface. + if unset, host's kernel will select the value. + type: integer + format: int32 + minimum: 0 + type: + description: type is the type of network The supported values + are NetworkTypeRaw, NetworkTypeSimpleMacvlan + type: string + clusterNetwork: + description: clusterNetwork is the IP address pool to use for pod + IPs. Some network providers, e.g. OpenShift SDN, support multiple + ClusterNetworks. Others only support one. This is equivalent to + the cluster-cidr. + type: array + items: + description: ClusterNetworkEntry is a subnet from which to allocate + PodIPs. A network of size HostPrefix (in CIDR notation) will be + allocated when nodes join the cluster. If the HostPrefix field + is not used by the plugin, it can be left unset. Not all network + providers support multiple ClusterNetworks + type: object + properties: + cidr: + type: string + hostPrefix: + type: integer + format: int32 + minimum: 0 + defaultNetwork: + description: defaultNetwork is the "default" network that all pods + will receive type: object properties: - name: - description: name is the name of the network. This will be populated - in the resulting CRD This must be unique. - type: string - namespace: - description: namespace is the namespace of the network. This will - be populated in the resulting CRD If not given the network will - be created in the default namespace. - type: string - rawCNIConfig: - description: rawCNIConfig is the raw CNI configuration json to - create in the NetworkAttachmentDefinition CRD - type: string - simpleMacvlanConfig: - description: SimpleMacvlanConfig configures the macvlan interface - in case of type:NetworkTypeSimpleMacvlan + kuryrConfig: + description: KuryrConfig configures the kuryr plugin type: object properties: - ipamConfig: - description: IPAMConfig configures IPAM module will be used - for IP Address Management (IPAM). - type: object - properties: - staticIPAMConfig: - description: StaticIPAMConfig configures the static IP - address in case of type:IPAMTypeStatic - type: object - properties: - addresses: - description: Addresses configures IP address for the - interface - type: array - items: - description: StaticIPAMAddresses provides IP address - and Gateway for static IPAM addresses - type: object - properties: - address: - description: Address is the IP address in CIDR - format - type: string - gateway: - description: Gateway is IP inside of subnet - to designate as the gateway - type: string - dns: - description: DNS configures DNS for the interface - type: object - properties: - domain: - description: Domain configures the domainname - the local domain used for short hostname lookups - type: string - nameservers: - description: Nameservers points DNS servers for - IP lookup - type: array - items: - type: string - search: - description: Search configures priority ordered - search domains for short hostname lookups - type: array - items: - type: string - routes: - description: Routes configures IP routes for the interface - type: array - items: - description: StaticIPAMRoutes provides Destination/Gateway - pairs for static IPAM routes - type: object - properties: - destination: - description: Destination points the IP route - destination - type: string - gateway: - description: Gateway is the route's next-hop - IP address If unset, a default gateway is - assumed (as determined by the CNI plugin). - type: string - type: - description: Type is the type of IPAM module will be used - for IP Address Management(IPAM). The supported values - are IPAMTypeDHCP, IPAMTypeStatic - type: string - master: - description: master is the host interface to create the macvlan - interface from. If not specified, it will be default route - interface + controllerProbesPort: + description: The port kuryr-controller will listen for readiness + and liveness requests. + type: integer + format: int32 + minimum: 0 + daemonProbesPort: + description: The port kuryr-daemon will listen for readiness + and liveness requests. + type: integer + format: int32 + minimum: 0 + enablePortPoolsPrepopulation: + description: enablePortPoolsPrepopulation when true will make + Kuryr prepopulate each newly created port pool with a minimum + number of ports. Kuryr uses Neutron port pooling to fight + the fact that it takes a significant amount of time to create + one. Instead of creating it when pod is being deployed, + Kuryr keeps a number of ports ready to be attached to pods. + By default port prepopulation is disabled. + type: boolean + openStackServiceNetwork: + description: openStackServiceNetwork contains the CIDR of + network from which to allocate IPs for OpenStack Octavia's + Amphora VMs. Please note that with Amphora driver Octavia + uses two IPs from that network for each loadbalancer - one + given by OpenShift and second for VRRP connections. As the + first one is managed by OpenShift's and second by Neutron's + IPAMs, those need to come from different pools. Therefore + `openStackServiceNetwork` needs to be at least twice the + size of `serviceNetwork`, and whole `serviceNetwork` must + be overlapping with `openStackServiceNetwork`. cluster-network-operator + will then make sure VRRP IPs are taken from the ranges inside + `openStackServiceNetwork` that are not overlapping with + `serviceNetwork`, effectivly preventing conflicts. If not + set cluster-network-operator will use `serviceNetwork` expanded + by decrementing the prefix size by 1. type: string + poolBatchPorts: + description: poolBatchPorts sets a number of ports that should + be created in a single batch request to extend the port + pool. The default is 3. For more information about port + pools see enablePortPoolsPrepopulation setting. + type: integer + minimum: 0 + poolMaxPorts: + description: poolMaxPorts sets a maximum number of free ports + that are being kept in a port pool. If the number of ports + exceeds this setting, free ports will get deleted. Setting + 0 will disable this upper bound, effectively preventing + pools from shrinking and this is the default value. For + more information about port pools see enablePortPoolsPrepopulation + setting. + type: integer + minimum: 0 + poolMinPorts: + description: poolMinPorts sets a minimum number of free ports + that should be kept in a port pool. If the number of ports + is lower than this setting, new ports will get created and + added to pool. The default is 1. For more information about + port pools see enablePortPoolsPrepopulation setting. + type: integer + minimum: 1 + openshiftSDNConfig: + description: openShiftSDNConfig configures the openshift-sdn plugin + type: object + properties: + enableUnidling: + description: enableUnidling controls whether or not the service + proxy will support idling and unidling of services. By default, + unidling is enabled. + type: boolean mode: - description: 'mode is the macvlan mode: bridge, private, vepa, - passthru. The default is bridge' + description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" type: string mtu: - description: mtu is the mtu to use for the macvlan interface. - if unset, host's kernel will select the value. + description: mtu is the mtu to use for the tunnel interface. + Defaults to 1450 if unset. This must be 50 bytes smaller + than the machine's uplink. + type: integer + format: int32 + minimum: 0 + useExternalOpenvswitch: + description: useExternalOpenvswitch tells the operator not + to install openvswitch, because it will be provided separately. + If set, you must provide it yourself. + type: boolean + vxlanPort: + description: vxlanPort is the port to use for all vxlan packets. + The default is 4789. + type: integer + format: int32 + minimum: 0 + ovnKubernetesConfig: + description: oVNKubernetesConfig configures the ovn-kubernetes + plugin. This is currently not implemented. + type: object + properties: + genevePort: + description: geneve port is the UDP port to be used by geneve + encapulation. Default is 6081 + type: integer + format: int32 + minimum: 1 + hybridOverlayConfig: + description: HybridOverlayConfig configures an additional + overlay network for peers that are not using OVN. + type: object + properties: + hybridClusterNetwork: + description: HybridClusterNetwork defines a network space + given to nodes on an additional overlay network. + type: array + items: + description: ClusterNetworkEntry is a subnet from which + to allocate PodIPs. A network of size HostPrefix (in + CIDR notation) will be allocated when nodes join the + cluster. If the HostPrefix field is not used by the + plugin, it can be left unset. Not all network providers + support multiple ClusterNetworks + type: object + properties: + cidr: + type: string + hostPrefix: + type: integer + format: int32 + minimum: 0 + hybridOverlayVXLANPort: + description: HybridOverlayVXLANPort defines the VXLAN + port number to be used by the additional overlay network. + Default is 4789 + type: integer + format: int32 + mtu: + description: mtu is the MTU to use for the tunnel interface. + This must be 100 bytes smaller than the uplink mtu. Default + is 1400 type: integer format: int32 minimum: 0 type: - description: type is the type of network The supported values - are NetworkTypeRaw, NetworkTypeSimpleMacvlan + description: type is the type of network All NetworkTypes are + supported except for NetworkTypeRaw type: string - clusterNetwork: - description: clusterNetwork is the IP address pool to use for pod IPs. - Some network providers, e.g. OpenShift SDN, support multiple ClusterNetworks. - Others only support one. This is equivalent to the cluster-cidr. - type: array - items: - description: ClusterNetworkEntry is a subnet from which to allocate - PodIPs. A network of size HostPrefix (in CIDR notation) will be - allocated when nodes join the cluster. Not all network providers - support multiple ClusterNetworks + deployKubeProxy: + description: deployKubeProxy specifies whether or not a standalone + kube-proxy should be deployed by the operator. Some network providers + include kube-proxy or similar functionality. If unset, the plugin + will attempt to select the correct value, which is false when OpenShift + SDN and ovn-kubernetes are used and true otherwise. + type: boolean + disableMultiNetwork: + description: disableMultiNetwork specifies whether or not multiple + pod network support should be disabled. If unset, this property + defaults to 'false' and multiple network support is enabled. + type: boolean + kubeProxyConfig: + description: kubeProxyConfig lets us configure desired proxy configuration. + If not specified, sensible defaults will be chosen by OpenShift + directly. Not consumed by all network providers - currently only + openshift-sdn. type: object properties: - cidr: + bindAddress: + description: The address to "bind" on Defaults to 0.0.0.0 type: string - hostPrefix: - type: integer - format: int32 - minimum: 0 - defaultNetwork: - description: defaultNetwork is the "default" network that all pods will - receive - type: object - properties: - kuryrConfig: - description: KuryrConfig configures the kuryr plugin - type: object - properties: - controllerProbesPort: - description: The port kuryr-controller will listen for readiness - and liveness requests. - type: integer - format: int32 - minimum: 0 - daemonProbesPort: - description: The port kuryr-daemon will listen for readiness - and liveness requests. - type: integer - format: int32 - minimum: 0 - enablePortPoolsPrepopulation: - description: enablePortPoolsPrepopulation when true will make - Kuryr prepopulate each newly created port pool with a minimum - number of ports. Kuryr uses Neutron port pooling to fight - the fact that it takes a significant amount of time to create - one. Instead of creating it when pod is being deployed, Kuryr - keeps a number of ports ready to be attached to pods. By default - port prepopulation is disabled. - type: boolean - openStackServiceNetwork: - description: openStackServiceNetwork contains the CIDR of network - from which to allocate IPs for OpenStack Octavia's Amphora - VMs. Please note that with Amphora driver Octavia uses two - IPs from that network for each loadbalancer - one given by - OpenShift and second for VRRP connections. As the first one - is managed by OpenShift's and second by Neutron's IPAMs, those - need to come from different pools. Therefore `openStackServiceNetwork` - needs to be at least twice the size of `serviceNetwork`, and - whole `serviceNetwork` must be overlapping with `openStackServiceNetwork`. - cluster-network-operator will then make sure VRRP IPs are - taken from the ranges inside `openStackServiceNetwork` that - are not overlapping with `serviceNetwork`, effectivly preventing - conflicts. If not set cluster-network-operator will use `serviceNetwork` - expanded by decrementing the prefix size by 1. - type: string - poolBatchPorts: - description: poolBatchPorts sets a number of ports that should - be created in a single batch request to extend the port pool. - The default is 3. For more information about port pools see - enablePortPoolsPrepopulation setting. - type: integer - minimum: 0 - poolMaxPorts: - description: poolMaxPorts sets a maximum number of free ports - that are being kept in a port pool. If the number of ports - exceeds this setting, free ports will get deleted. Setting - 0 will disable this upper bound, effectively preventing pools - from shrinking and this is the default value. For more information - about port pools see enablePortPoolsPrepopulation setting. - type: integer - minimum: 0 - poolMinPorts: - description: poolMinPorts sets a minimum number of free ports - that should be kept in a port pool. If the number of ports - is lower than this setting, new ports will get created and - added to pool. The default is 1. For more information about - port pools see enablePortPoolsPrepopulation setting. - type: integer - minimum: 1 - openshiftSDNConfig: - description: openShiftSDNConfig configures the openshift-sdn plugin - type: object - properties: - enableUnidling: - description: enableUnidling controls whether or not the service - proxy will support idling and unidling of services. By default, - unidling is enabled. - type: boolean - mode: - description: mode is one of "Multitenant", "Subnet", or "NetworkPolicy" - type: string - mtu: - description: mtu is the mtu to use for the tunnel interface. - Defaults to 1450 if unset. This must be 50 bytes smaller than - the machine's uplink. - type: integer - format: int32 - minimum: 0 - useExternalOpenvswitch: - description: useExternalOpenvswitch tells the operator not to - install openvswitch, because it will be provided separately. - If set, you must provide it yourself. - type: boolean - vxlanPort: - description: vxlanPort is the port to use for all vxlan packets. - The default is 4789. - type: integer - format: int32 - minimum: 0 - ovnKubernetesConfig: - description: oVNKubernetesConfig configures the ovn-kubernetes plugin. - This is currently not implemented. - type: object - properties: - genevePort: - description: geneve port is the UDP port to be used by geneve - encapulation. Default is 6081 - type: integer - format: int32 - minimum: 1 - hybridOverlayConfig: - description: HybridOverlayConfig configures an additional overlay - network for peers that are not using OVN. - type: object - properties: - hybridClusterNetwork: - description: HybridClusterNetwork defines a network space - given to nodes on an additional overlay network. - type: array - items: - description: ClusterNetworkEntry is a subnet from which - to allocate PodIPs. A network of size HostPrefix (in - CIDR notation) will be allocated when nodes join the - cluster. Not all network providers support multiple - ClusterNetworks - type: object - properties: - cidr: - type: string - hostPrefix: - type: integer - format: int32 - minimum: 0 - hybridOverlayVXLANPort: - description: HybridOverlayVXLANPort defines the VXLAN port - number to be used by the additional overlay network. Default - is 4789 - type: integer - format: int32 - mtu: - description: mtu is the MTU to use for the tunnel interface. - This must be 100 bytes smaller than the uplink mtu. Default - is 1400 - type: integer - format: int32 - minimum: 0 - type: - description: type is the type of network All NetworkTypes are supported - except for NetworkTypeRaw - type: string - deployKubeProxy: - description: deployKubeProxy specifies whether or not a standalone kube-proxy - should be deployed by the operator. Some network providers include - kube-proxy or similar functionality. If unset, the plugin will attempt - to select the correct value, which is false when OpenShift SDN and - ovn-kubernetes are used and true otherwise. - type: boolean - disableMultiNetwork: - description: disableMultiNetwork specifies whether or not multiple pod - network support should be disabled. If unset, this property defaults - to 'false' and multiple network support is enabled. - type: boolean - kubeProxyConfig: - description: kubeProxyConfig lets us configure desired proxy configuration. - If not specified, sensible defaults will be chosen by OpenShift directly. - Not consumed by all network providers - currently only openshift-sdn. - type: object - properties: - bindAddress: - description: The address to "bind" on Defaults to 0.0.0.0 - type: string - iptablesSyncPeriod: - description: 'The period that iptables rules are refreshed. Default: - 30s' - type: string - proxyArguments: - description: Any additional arguments to pass to the kubeproxy process - type: object - additionalProperties: - description: ProxyArgumentList is a list of arguments to pass - to the kubeproxy process - type: array - items: - type: string - logLevel: - description: logLevel allows configuring the logging level of the components - deployed by the operator. Currently only Kuryr SDN is affected by - this setting. Please note that turning on extensive logging may affect - performance. The default value is "Normal". - type: string - serviceNetwork: - description: serviceNetwork is the ip address pool to use for Service - IPs Currently, all existing network providers only support a single - value here, but this is an array to allow for growth. - type: array - items: + iptablesSyncPeriod: + description: 'The period that iptables rules are refreshed. Default: + 30s' + type: string + proxyArguments: + description: Any additional arguments to pass to the kubeproxy + process + type: object + additionalProperties: + description: ProxyArgumentList is a list of arguments to pass + to the kubeproxy process + type: array + items: + type: string + logLevel: + description: logLevel allows configuring the logging level of the + components deployed by the operator. Currently only Kuryr SDN is + affected by this setting. Please note that turning on extensive + logging may affect performance. The default value is "Normal". type: string - status: - description: NetworkStatus is currently unused. Instead, status is reported - in the Network.config.openshift.io object. - type: object + serviceNetwork: + description: serviceNetwork is the ip address pool to use for Service + IPs Currently, all existing network providers only support a single + value here, but this is an array to allow for growth. + type: array + items: + type: string + status: + description: NetworkStatus is currently unused. Instead, status is reported + in the Network.config.openshift.io object. + type: object diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml index 5cabd51074..f23db5fef2 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml @@ -1,232 +1,237 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: consoles.operator.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: scope: Cluster - preserveUnknownFields: false group: operator.openshift.io names: kind: Console listKind: ConsoleList plural: consoles singular: console - subresources: - status: {} versions: - name: v1 served: true storage: true - validation: - openAPIV3Schema: - description: Console provides a means to configure an operator to manage the - console. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ConsoleSpec is the specification of the desired behavior of - the Console. - type: object - properties: - customization: - description: customization is used to optionally provide a small set - of customization options to the web console. - type: object - properties: - brand: - description: brand is the default branding of the web console which - can be overridden by providing the brand field. There is a limited - set of specific brand options. This field controls elements of - the console such as the logo. Invalid value will prevent a console - rollout. - type: string - pattern: ^$|^(ocp|origin|okd|dedicated|online|azure)$ - customLogoFile: - description: 'customLogoFile replaces the default OpenShift logo - in the masthead and about dialog. It is a reference to a ConfigMap - in the openshift-config namespace. This can be created with a - command like ''oc create configmap custom-logo --from-file=/path/to/file - -n openshift-config''. Image size must be less than 1 MB due to - constraints on the ConfigMap size. The ConfigMap key should include - a file extension so that the console serves the file with the - correct MIME type. Recommended logo specifications: Dimensions: - Max height of 68px and max width of 200px SVG format preferred' + subresources: + status: {} + schema: + openAPIV3Schema: + description: Console provides a means to configure an operator to manage the + console. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ConsoleSpec is the specification of the desired behavior + of the Console. + type: object + properties: + customization: + description: customization is used to optionally provide a small set + of customization options to the web console. + type: object + properties: + brand: + description: brand is the default branding of the web console + which can be overridden by providing the brand field. There + is a limited set of specific brand options. This field controls + elements of the console such as the logo. Invalid value will + prevent a console rollout. + type: string + pattern: ^$|^(ocp|origin|okd|dedicated|online|azure)$ + customLogoFile: + description: 'customLogoFile replaces the default OpenShift logo + in the masthead and about dialog. It is a reference to a ConfigMap + in the openshift-config namespace. This can be created with + a command like ''oc create configmap custom-logo --from-file=/path/to/file + -n openshift-config''. Image size must be less than 1 MB due + to constraints on the ConfigMap size. The ConfigMap key should + include a file extension so that the console serves the file + with the correct MIME type. Recommended logo specifications: + Dimensions: Max height of 68px and max width of 200px SVG format + preferred' + type: object + properties: + key: + description: Key allows pointing to a specific key/value inside + of the configmap. This is useful for logical file references. + type: string + name: + type: string + customProductName: + description: customProductName is the name that will be displayed + in page titles, logo alt text, and the about dialog instead + of the normal OpenShift product name. + type: string + documentationBaseURL: + description: documentationBaseURL links to external documentation + are shown in various sections of the web console. Providing + documentationBaseURL will override the default documentation + URL. Invalid value will prevent a console rollout. + type: string + pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))\/$ + logLevel: + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + managementState: + description: managementState indicates whether and how the operator + should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + providers: + description: providers contains configuration for using specific service + providers. + type: object + properties: + statuspage: + description: statuspage contains ID for statuspage.io page that + provides status info about. + type: object + properties: + pageID: + description: pageID is the unique ID assigned by Statuspage + for your page. This must be a public page. + type: string + route: + description: route contains hostname and secret reference that contains + the serving certificate. If a custom route is specified, a new route + will be created with the provided hostname, under which console + will be available. In case of custom hostname uses the default routing + suffix of the cluster, the Secret specification for a serving certificate + will not be needed. In case of custom hostname points to an arbitrary + domain, manual DNS configurations steps are necessary. The default + console route will be maintained to reserve the default hostname + for console if the custom route is removed. If not specified, default + route will be used. + type: object + properties: + hostname: + description: hostname is the desired custom domain under which + console will be available. + type: string + secret: + description: 'secret points to secret in the openshift-config + namespace that contains custom certificate and key and needs + to be created manually by the cluster admin. Referenced Secret + is required to contain following key value pairs: - "tls.crt" + - to specifies custom certificate - "tls.key" - to specifies + private key of the custom certificate If the custom hostname + uses the default routing suffix of the cluster, the Secret specification + for a serving certificate will not be needed.' + type: object + required: + - name + properties: + name: + description: name is the metadata.name of the referenced secret + type: string + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' + type: object + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: ConsoleStatus defines the observed status of the Console. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. type: object properties: - key: - description: Key allows pointing to a specific key/value inside - of the configmap. This is useful for logical file references. + lastTransitionTime: type: string - name: + format: date-time + message: type: string - customProductName: - description: customProductName is the name that will be displayed - in page titles, logo alt text, and the about dialog instead of - the normal OpenShift product name. - type: string - documentationBaseURL: - description: documentationBaseURL links to external documentation - are shown in various sections of the web console. Providing documentationBaseURL - will override the default documentation URL. Invalid value will - prevent a console rollout. - type: string - pattern: ^$|^((https):\/\/?)[^\s()<>]+(?:\([\w\d]+\)|([^[:punct:]\s]|\/?))\/$ - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. It exists in spec because it is - an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - providers: - description: providers contains configuration for using specific service - providers. - type: object - properties: - statuspage: - description: statuspage contains ID for statuspage.io page that - provides status info about. - type: object - properties: - pageID: - description: pageID is the unique ID assigned by Statuspage - for your page. This must be a public page. + reason: + type: string + status: type: string - route: - description: route contains hostname and secret reference that contains - the serving certificate. If a custom route is specified, a new route - will be created with the provided hostname, under which console will - be available. In case of custom hostname uses the default routing - suffix of the cluster, the Secret specification for a serving certificate - will not be needed. In case of custom hostname points to an arbitrary - domain, manual DNS configurations steps are necessary. The default - console route will be maintained to reserve the default hostname for - console if the custom route is removed. If not specified, default - route will be used. - type: object - properties: - hostname: - description: hostname is the desired custom domain under which console - will be available. - type: string - secret: - description: 'secret points to secret in the openshift-config namespace - that contains custom certificate and key and needs to be created - manually by the cluster admin. Referenced Secret is required to - contain following key value pairs: - "tls.crt" - to specifies - custom certificate - "tls.key" - to specifies private key of the - custom certificate If the custom hostname uses the default routing - suffix of the cluster, the Secret specification for a serving - certificate will not be needed.' + type: + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. type: object - required: - - name properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + type: integer + format: int64 name: - description: name is the metadata.name of the referenced secret + description: name is the name of the thing you're tracking type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: ConsoleStatus defines the observed status of the Console. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. - type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00-custom-resource-definition.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00-custom-resource-definition.yaml index e553f1f656..09bb779084 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00-custom-resource-definition.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_dns-operator_00-custom-resource-definition.yaml @@ -1,8 +1,9 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - creationTimestamp: null name: dnses.operator.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: operator.openshift.io names: @@ -11,132 +12,125 @@ spec: plural: dnses singular: dns scope: Cluster - preserveUnknownFields: false - subresources: - status: {} - validation: - openAPIV3Schema: - description: "DNS manages the CoreDNS component to provide a name resolution - service for pods and services in the cluster. \n This supports the DNS-based - service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md - \n More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns" - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the specification of the desired behavior of the DNS. - type: object - properties: - servers: - description: "servers is a list of DNS resolvers that provide name query - delegation for one or more subdomains outside the scope of the cluster - domain. If servers consists of more than one Server, longest suffix - match will be used to determine the Server. \n For example, if there - are two Servers, one for \"foo.com\" and another for \"a.foo.com\", - and the name query is for \"www.a.foo.com\", it will be routed to - the Server with Zone \"a.foo.com\". \n If this field is nil, no servers - are created." - type: array - items: - description: Server defines the schema for a server that runs per - instance of CoreDNS. - type: object - properties: - forwardPlugin: - description: forwardPlugin defines a schema for configuring CoreDNS - to proxy DNS messages to upstream resolvers. - type: object - properties: - upstreams: - description: "upstreams is a list of resolvers to forward - name queries for subdomains of Zones. Upstreams are randomized - when more than 1 upstream is specified. Each instance of - CoreDNS performs health checking of Upstreams. When a healthy - upstream returns an error during the exchange, another resolver - is tried from Upstreams. Each upstream is represented by - an IP address or IP:port if the upstream listens on a port - other than 53. \n A maximum of 15 upstreams is allowed per - ForwardPlugin." - type: array - maxItems: 15 - items: - type: string - name: - description: name is required and specifies a unique name for - the server. Name must comply with the Service Name Syntax of - rfc6335. - type: string - zones: - description: zones is required and specifies the subdomains that - Server is authoritative for. Zones must conform to the rfc1123 - definition of a subdomain. Specifying the cluster domain (i.e., - "cluster.local") is invalid. - type: array - items: - type: string - status: - description: status is the most recently observed status of the DNS. - type: object - required: - - clusterDomain - - clusterIP - properties: - clusterDomain: - description: "clusterDomain is the local cluster DNS domain suffix for - DNS services. This will be a subdomain as defined in RFC 1034, section - 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: \"cluster.local\" - \n More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service" - type: string - clusterIP: - description: "clusterIP is the service IP through which this DNS is - made available. \n In the case of the default DNS, this will be a - well known IP that is used as the default nameserver for pods that - are using the default ClusterFirst DNS policy. \n In general, this - IP can be specified in a pod's spec.dnsConfig.nameservers list or - used explicitly when performing name resolution from within the cluster. - Example: dig foo.com @ \n More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" - type: string - conditions: - description: "conditions provide information about the state of the - DNS on the cluster. \n These are the supported DNS conditions: \n - \ * Available - True if the following conditions are met: * - DNS controller daemonset is available. - False if any of those conditions - are unsatisfied." - type: array - items: - description: OperatorCondition is just the standard condition fields. - type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - version: v1 versions: - name: v1 served: true storage: true -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] + subresources: + status: {} + schema: + openAPIV3Schema: + description: "DNS manages the CoreDNS component to provide a name resolution + service for pods and services in the cluster. \n This supports the DNS-based + service discovery specification: https://github.com/kubernetes/dns/blob/master/docs/specification.md + \n More details: https://kubernetes.io/docs/tasks/administer-cluster/coredns" + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the specification of the desired behavior of the + DNS. + type: object + properties: + servers: + description: "servers is a list of DNS resolvers that provide name + query delegation for one or more subdomains outside the scope of + the cluster domain. If servers consists of more than one Server, + longest suffix match will be used to determine the Server. \n For + example, if there are two Servers, one for \"foo.com\" and another + for \"a.foo.com\", and the name query is for \"www.a.foo.com\", + it will be routed to the Server with Zone \"a.foo.com\". \n If this + field is nil, no servers are created." + type: array + items: + description: Server defines the schema for a server that runs per + instance of CoreDNS. + type: object + properties: + forwardPlugin: + description: forwardPlugin defines a schema for configuring + CoreDNS to proxy DNS messages to upstream resolvers. + type: object + properties: + upstreams: + description: "upstreams is a list of resolvers to forward + name queries for subdomains of Zones. Upstreams are randomized + when more than 1 upstream is specified. Each instance + of CoreDNS performs health checking of Upstreams. When + a healthy upstream returns an error during the exchange, + another resolver is tried from Upstreams. Each upstream + is represented by an IP address or IP:port if the upstream + listens on a port other than 53. \n A maximum of 15 upstreams + is allowed per ForwardPlugin." + type: array + maxItems: 15 + items: + type: string + name: + description: name is required and specifies a unique name for + the server. Name must comply with the Service Name Syntax + of rfc6335. + type: string + zones: + description: zones is required and specifies the subdomains + that Server is authoritative for. Zones must conform to the + rfc1123 definition of a subdomain. Specifying the cluster + domain (i.e., "cluster.local") is invalid. + type: array + items: + type: string + status: + description: status is the most recently observed status of the DNS. + type: object + required: + - clusterDomain + - clusterIP + properties: + clusterDomain: + description: "clusterDomain is the local cluster DNS domain suffix + for DNS services. This will be a subdomain as defined in RFC 1034, + section 3.5: https://tools.ietf.org/html/rfc1034#section-3.5 Example: + \"cluster.local\" \n More info: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service" + type: string + clusterIP: + description: "clusterIP is the service IP through which this DNS is + made available. \n In the case of the default DNS, this will be + a well known IP that is used as the default nameserver for pods + that are using the default ClusterFirst DNS policy. \n In general, + this IP can be specified in a pod's spec.dnsConfig.nameservers list + or used explicitly when performing name resolution from within the + cluster. Example: dig foo.com @ \n More info: https://kubernetes.io/docs/concepts/services-networking/service/#virtual-ips-and-service-proxies" + type: string + conditions: + description: "conditions provide information about the state of the + DNS on the cluster. \n These are the supported DNS conditions: \n + \ * Available - True if the following conditions are met: * + DNS controller daemonset is available. - False if any of those + conditions are unsatisfied." + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml index d8cd7528bd..16e04f4c79 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_80_csi_snapshot_controller_operator_01_crd.yaml @@ -1,142 +1,145 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: csisnapshotcontrollers.operator.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: operator.openshift.io names: kind: CSISnapshotController plural: csisnapshotcontrollers singular: csisnapshotcontroller - preserveUnknownFields: false scope: Cluster - subresources: - status: {} - version: v1 versions: - name: v1 served: true storage: true - validation: - openAPIV3Schema: - description: CSISnapshotController provides a means to configure an operator - to manage the CSI snapshots. `cluster` is the canonical name. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - type: string - pattern: ^(Managed|Unmanaged|Force|Removed)$ - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. It exists in spec because it is - an input to the level for the operator - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - conditions: - description: conditions is a list of conditions and their status - type: array - items: - description: OperatorCondition is just the standard condition fields. + subresources: + status: {} + schema: + openAPIV3Schema: + description: CSISnapshotController provides a means to configure an operator + to manage the CSI snapshots. `cluster` is the canonical name. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + logLevel: + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + default: Normal + managementState: + description: managementState indicates whether and how the operator + should manage the component + type: string + pattern: ^(Managed|Unmanaged|Force|Removed)$ + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator type: object - properties: - lastTransitionTime: - type: string - format: date-time - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - type: array - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. + nullable: true + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' type: object - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - type: integer - format: int64 - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - type: integer - format: int64 - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - type: integer - format: int32 - version: - description: version is the level this availability applies to - type: string + nullable: true + x-kubernetes-preserve-unknown-fields: true + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + properties: + conditions: + description: conditions is a list of conditions and their status + type: array + items: + description: OperatorCondition is just the standard condition fields. + type: object + properties: + lastTransitionTime: + type: string + format: date-time + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + type: array + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + type: object + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + type: integer + format: int64 + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + type: integer + format: int64 + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + type: integer + format: int32 + version: + description: version is the level this availability applies to + type: string diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml index b58c93ed28..4b44f35bdc 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml @@ -1,6 +1,8 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: + annotations: + include.release.openshift.io/self-managed-high-availability: "true" name: clustercsidrivers.operator.openshift.io spec: group: operator.openshift.io @@ -8,157 +10,145 @@ spec: kind: ClusterCSIDriver plural: clustercsidrivers singular: clustercsidriver - preserveUnknownFields: false scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - description: ClusterCSIDriver object allows management and configuration of - a CSI driver operator installed by default in OpenShift. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - properties: - name: - enum: - - ebs.csi.aws.com-ebs - - manila.csi.openstack.org - - csi.ovirt.org - type: string - type: object - spec: - description: spec holds user settable values for configuration - properties: - driverConfig: - description: CSIDriverConfig is the CSI driver specific configuration - properties: - driverName: - description: DriverName holds the name of the CSI driver - enum: - - ebs.csi.aws.com-ebs - - manila.csi.openstack.org - - csi.ovirt.org - type: string - required: - - driverName - type: object - logLevel: - description: logLevel is an intent based logging for an overall component. It - does not give fine grained control, but it is a simple way to manage - coarse grained logging choices that operators have to interpret for - their operands. - type: string - managementState: - description: managementState indicates whether and how the operator - should manage the component - pattern: ^(Managed|Unmanaged|Force|Removed)$ - type: string - observedConfig: - description: observedConfig holds a sparse config that controller has - observed from the cluster state. It exists in spec because it is - an input to the level for the operator - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - operatorLogLevel: - description: operatorLogLevel is an intent based logging for the operator - itself. It does not give fine grained control, but it is a simple - way to manage coarse grained logging choices that operators have to - interpret for themselves. - type: string - unsupportedConfigOverrides: - description: 'unsupportedConfigOverrides holds a sparse config that - will override any previously set options. It only needs to be the - fields to override it will end up overlaying in the following order: - 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' - nullable: true - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - driverConfig - type: object - status: - description: status holds observed values from the cluster. They may not - be overridden. - properties: - conditions: - description: conditions is a list of conditions and their status - items: - description: OperatorCondition is just the standard condition fields. - properties: - lastTransitionTime: - format: date-time - type: string - message: - type: string - reason: - type: string - status: - type: string - type: - type: string - type: object - type: array - generations: - description: generations are used to determine when an item needs to - be reconciled or has changed in a way that needs a reaction. - items: - description: GenerationStatus keeps track of the generation for a - given resource so that decisions about forced updates can be made. - properties: - group: - description: group is the group of the thing you're tracking - type: string - hash: - description: hash is an optional field set for resources without - generation that are content sensitive like secrets and configmaps - type: string - lastGeneration: - description: lastGeneration is the last generation of the workload - controller involved - format: int64 - type: integer - name: - description: name is the name of the thing you're tracking - type: string - namespace: - description: namespace is where the thing you're tracking is - type: string - resource: - description: resource is the resource type of the thing you're - tracking - type: string - type: object - type: array - observedGeneration: - description: observedGeneration is the last generation change you've - dealt with - format: int64 - type: integer - readyReplicas: - description: readyReplicas indicates how many replicas are ready and - at the desired state - format: int32 - type: integer - version: - description: version is the level this availability applies to - type: string - type: object - required: - - spec - type: object - version: v1 versions: - name: v1 + schema: + openAPIV3Schema: + description: ClusterCSIDriver object allows management and configuration of + a CSI driver operator installed by default in OpenShift. Name of the object + must be name of the CSI driver it operates. See CSIDriverName type for list + of allowed values. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + properties: + name: + enum: + - ebs.csi.aws.com + - manila.csi.openstack.org + - csi.ovirt.org + type: string + type: object + spec: + description: spec holds user settable values for configuration + properties: + logLevel: + default: Normal + description: "logLevel is an intent based logging for an overall component. + \ It does not give fine grained control, but it is a simple way + to manage coarse grained logging choices that operators have to + interpret for their operands. \n Valid values are: \"Normal\", \"Debug\", + \"Trace\", \"TraceAll\". Defaults to \"Normal\"." + type: string + managementState: + description: managementState indicates whether and how the operator + should manage the component + pattern: ^(Managed|Unmanaged|Force|Removed)$ + type: string + observedConfig: + description: observedConfig holds a sparse config that controller + has observed from the cluster state. It exists in spec because + it is an input to the level for the operator + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + operatorLogLevel: + description: operatorLogLevel is an intent based logging for the operator + itself. It does not give fine grained control, but it is a simple + way to manage coarse grained logging choices that operators have + to interpret for themselves. + type: string + unsupportedConfigOverrides: + description: 'unsupportedConfigOverrides holds a sparse config that + will override any previously set options. It only needs to be the + fields to override it will end up overlaying in the following order: + 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides' + nullable: true + type: object + x-kubernetes-preserve-unknown-fields: true + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + conditions: + description: conditions is a list of conditions and their status + items: + description: OperatorCondition is just the standard condition fields. + properties: + lastTransitionTime: + format: date-time + type: string + message: + type: string + reason: + type: string + status: + type: string + type: + type: string + type: object + type: array + generations: + description: generations are used to determine when an item needs + to be reconciled or has changed in a way that needs a reaction. + items: + description: GenerationStatus keeps track of the generation for + a given resource so that decisions about forced updates can be + made. + properties: + group: + description: group is the group of the thing you're tracking + type: string + hash: + description: hash is an optional field set for resources without + generation that are content sensitive like secrets and configmaps + type: string + lastGeneration: + description: lastGeneration is the last generation of the workload + controller involved + format: int64 + type: integer + name: + description: name is the name of the thing you're tracking + type: string + namespace: + description: namespace is where the thing you're tracking is + type: string + resource: + description: resource is the resource type of the thing you're + tracking + type: string + type: object + type: array + observedGeneration: + description: observedGeneration is the last generation change you've + dealt with + format: int64 + type: integer + readyReplicas: + description: readyReplicas indicates how many replicas are ready and + at the desired state + format: int32 + type: integer + version: + description: version is the level this availability applies to + type: string + type: object + required: + - spec + type: object served: true storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-merge-patch b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-merge-patch deleted file mode 100644 index d092b41102..0000000000 --- a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-merge-patch +++ /dev/null @@ -1,12 +0,0 @@ -spec: - validation: - openAPIV3Schema: - properties: - metadata: - properties: - name: - type: string - enum: - - ebs.csi.aws.com-ebs - - manila.csi.openstack.org - - csi.ovirt.org diff --git a/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch new file mode 100644 index 0000000000..22f3a12944 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/0000_90_cluster_csi_driver_01_config.crd.yaml-patch @@ -0,0 +1,9 @@ +- op: add + path: /spec/versions/name=v1/schema/openAPIV3Schema/properties/metadata/properties + value: + name: + type: string + enum: + - ebs.csi.aws.com + - manila.csi.openstack.org + - csi.ovirt.org diff --git a/vendor/github.com/openshift/api/operator/v1/register.go b/vendor/github.com/openshift/api/operator/v1/register.go index b7b13b76a6..71727a824c 100644 --- a/vendor/github.com/openshift/api/operator/v1/register.go +++ b/vendor/github.com/openshift/api/operator/v1/register.go @@ -36,6 +36,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { &AuthenticationList{}, &DNS{}, &DNSList{}, + &CloudCredential{}, + &CloudCredentialList{}, &ClusterCSIDriver{}, &ClusterCSIDriverList{}, &Console{}, diff --git a/vendor/github.com/openshift/api/operator/v1/types.go b/vendor/github.com/openshift/api/operator/v1/types.go index faf5a96c16..ed11b32191 100644 --- a/vendor/github.com/openshift/api/operator/v1/types.go +++ b/vendor/github.com/openshift/api/operator/v1/types.go @@ -51,7 +51,11 @@ type OperatorSpec struct { // logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a // simple way to manage coarse grained logging choices that operators have to interpret for their operands. + // + // Valid values are: "Normal", "Debug", "Trace", "TraceAll". + // Defaults to "Normal". // +optional + // +kubebuilder:default=Normal LogLevel LogLevel `json:"logLevel"` // operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a diff --git a/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go b/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go new file mode 100644 index 0000000000..bb17c89ff5 --- /dev/null +++ b/vendor/github.com/openshift/api/operator/v1/types_cloudcredential.go @@ -0,0 +1,73 @@ +package v1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// CloudCredential provides a means to configure an operator to manage CredentialsRequests. +type CloudCredential struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // +kubebuilder:validation:Required + // +required + Spec CloudCredentialSpec `json:"spec"` + // +optional + Status CloudCredentialStatus `json:"status"` +} + +// CloudCredentialsMode is the specified mode the cloud-credential-operator +// should reconcile CredentialsRequest with +// +kubebuilder:validation:Enum="";Manual;Mint;Passthrough +type CloudCredentialsMode string + +const ( + // CloudCredentialsModeManual tells cloud-credential-operator to not reconcile any CredentialsRequests + // (primarily used for the disconnected VPC use-cases). + CloudCredentialsModeManual CloudCredentialsMode = "Manual" + + // CloudCredentialsModeMint tells cloud-credential-operator to reconcile all CredentialsRequests + // by minting new users/credentials. + CloudCredentialsModeMint CloudCredentialsMode = "Mint" + + // CloudCredentialsModePassthrough tells cloud-credential-operator to reconcile all CredentialsRequests + // by copying the cloud-specific secret data. + CloudCredentialsModePassthrough CloudCredentialsMode = "Passthrough" + + // CloudCredentialsModeDefault puts CCO into the default mode of operation (per-cloud/platform defaults): + // AWS/Azure/GCP: dynamically determine cluster's cloud credential capabilities to affect + // processing of CredentialsRequests + // All other clouds/platforms (OpenStack, oVirt, vSphere, etc): run in "passthrough" mode + CloudCredentialsModeDefault CloudCredentialsMode = "" +) + +// CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator. +type CloudCredentialSpec struct { + OperatorSpec `json:",inline"` + // CredentialsMode allows informing CCO that it should not attempt to dynamically + // determine the root cloud credentials capabilities, and it should just run in + // the specified mode. + // It also allows putting the operator into "manual" mode if desired. + // Leaving the field in default mode runs CCO so that the cluster's cloud credentials + // will be dynamically probed for capabilities (on supported clouds/platforms). + // +optional + CredentialsMode CloudCredentialsMode `json:"credentialsMode,omitempty"` +} + +// CloudCredentialStatus defines the observed status of the cloud-credential-operator. +type CloudCredentialStatus struct { + OperatorStatus `json:",inline"` +} + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +type CloudCredentialList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + + Items []CloudCredential `json:"items"` +} diff --git a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go index befd3da6da..e6217ab8c0 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go +++ b/vendor/github.com/openshift/api/operator/v1/types_csi_cluster_driver.go @@ -6,21 +6,20 @@ import ( // ClusterCSIDriver is used to manage and configure CSI driver installed by default // in OpenShift. An example configuration may look like: -// apiVersion: operator.openshift.io/v1alpha1 +// apiVersion: operator.openshift.io/v1 // kind: "ClusterCSIDriver" // metadata: -// name: "ebs.csi.aws.com-ebs" +// name: "ebs.csi.aws.com" // spec: // logLevel: Debug -// driverConfig: -// driverName: "ebs.csi.aws.com-ebs" // +genclient // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ClusterCSIDriver object allows management and configuration of a CSI driver operator -// installed by default in OpenShift. +// installed by default in OpenShift. Name of the object must be name of the CSI driver +// it operates. See CSIDriverName type for list of allowed values. type ClusterCSIDriver struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -36,13 +35,12 @@ type ClusterCSIDriver struct { } // CSIDriverName is the name of the CSI driver -// +kubebuilder:validation:Enum=ebs.csi.aws.com-ebs;manila.csi.openstack.org;csi.ovirt.org type CSIDriverName string // If you are adding a new driver name here, ensure that kubebuilder:validation:Enum is updated above // and 0000_90_cluster_csi_driver_01_config.crd.yaml-merge-patch file is also updated with new driver name. const ( - AWSEBSCSIDriver CSIDriverName = "ebs.csi.aws.com-ebs" + AWSEBSCSIDriver CSIDriverName = "ebs.csi.aws.com" ManilaCSIDriver CSIDriverName = "manila.csi.openstack.org" OvirtCSIDriver CSIDriverName = "csi.ovirt.org" ) @@ -50,9 +48,6 @@ const ( // ClusterCSIDriverSpec is the desired behavior of CSI driver operator type ClusterCSIDriverSpec struct { OperatorSpec `json:",inline"` - // +kubebuilder:validation:Required - // +required - DriverConfig CSIDriverConfig `json:"driverConfig"` } // ClusterCSIDriverStatus is the observed status of CSI driver operator @@ -60,15 +55,6 @@ type ClusterCSIDriverStatus struct { OperatorStatus `json:",inline"` } -// CSIDriverConfig is the CSI driver specific configuration -type CSIDriverConfig struct { - // DriverName holds the name of the CSI driver - // +kubebuilder:validation:Required - // +unionDiscriminator - // +required - DriverName CSIDriverName `json:"driverName"` -} - // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:object:root=true diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index b4938252e3..4b7bb2fb49 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go @@ -99,6 +99,13 @@ type IngressControllerSpec struct { // the generated certificate's CA will be automatically integrated with the // cluster's trust store. // + // If a wildcard certificate is used and shared by multiple + // HTTP/2 enabled routes (which implies ALPN) then clients + // (i.e., notably browsers) are at liberty to reuse open + // connections. This means a client can reuse a connection to + // another route and that is likely to fail. This behaviour is + // generally known as connection coalescing. + // // The in-use certificate (whether generated or user-specified) will be // automatically integrated with OpenShift's built-in OAuth server. // @@ -278,9 +285,19 @@ type ProviderLoadBalancerParameters struct { // load balancer. Allowed values are "AWS", "Azure", "BareMetal", "GCP", // "OpenStack", and "VSphere". // -// +kubebuilder:validation:Enum=AWS;Azure;BareMetal;GCP;OpenStack;VSphere +// +kubebuilder:validation:Enum=AWS;Azure;BareMetal;GCP;OpenStack;VSphere;IBM type LoadBalancerProviderType string +const ( + AWSLoadBalancerProvider LoadBalancerProviderType = "AWS" + AzureLoadBalancerProvider LoadBalancerProviderType = "Azure" + GCPLoadBalancerProvider LoadBalancerProviderType = "GCP" + OpenStackLoadBalancerProvider LoadBalancerProviderType = "OpenStack" + VSphereLoadBalancerProvider LoadBalancerProviderType = "VSphere" + IBMLoadBalancerProvider LoadBalancerProviderType = "IBM" + BareMetalLoadBalancerProvider LoadBalancerProviderType = "BareMetal" +) + // AWSLoadBalancerParameters provides configuration settings that are // specific to AWS load balancers. // +union @@ -585,6 +602,112 @@ type LoggingDestination struct { Container *ContainerLoggingDestinationParameters `json:"container,omitempty"` } +// IngressControllerCaptureHTTPHeader describes an HTTP header that should be +// captured. +type IngressControllerCaptureHTTPHeader struct { + // name specifies a header name. Its value must be a valid HTTP header + // name as defined in RFC 2616 section 4.2. + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$" + // +required + Name string `json:"name"` + + // maxLength specifies a maximum length for the header value. If a + // header value exceeds this length, the value will be truncated in the + // log message. Note that the ingress controller may impose a separate + // bound on the total length of HTTP headers in a request. + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=1 + // +required + MaxLength int `json:"maxLength"` +} + +// IngressControllerCaptureHTTPHeaders specifies which HTTP headers the +// IngressController captures. +type IngressControllerCaptureHTTPHeaders struct { + // request specifies which HTTP request headers to capture. + // + // If this field is empty, no request headers are captured. + // + // +nullable + // +optional + Request []IngressControllerCaptureHTTPHeader `json:"request,omitempty"` + + // response specifies which HTTP response headers to capture. + // + // If this field is empty, no response headers are captured. + // + // +nullable + // +optional + Response []IngressControllerCaptureHTTPHeader `json:"response,omitempty"` +} + +// CookieMatchType indicates the type of matching used against cookie names to +// select a cookie for capture. +// +kubebuilder:validation:Enum=Exact;Prefix +type CookieMatchType string + +const ( + // CookieMatchTypeExact indicates that an exact string match should be + // performed. + CookieMatchTypeExact CookieMatchType = "Exact" + // CookieMatchTypePrefix indicates that a string prefix match should be + // performed. + CookieMatchTypePrefix CookieMatchType = "Prefix" +) + +// IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be +// captured. +// +union +type IngressControllerCaptureHTTPCookie struct { + // matchType specifies the type of match to be performed on the cookie + // name. Allowed values are "Exact" for an exact string match and + // "Prefix" for a string prefix match. If "Exact" is specified, a name + // must be specified in the name field. If "Prefix" is provided, a + // prefix must be specified in the namePrefix field. For example, + // specifying matchType "Prefix" and namePrefix "foo" will capture a + // cookie named "foo" or "foobar" but not one named "bar". The first + // matching cookie is captured. + // + // +unionDiscriminator + // +kubebuilder:validation:Required + // +required + MatchType CookieMatchType `json:"matchType,omitempty"` + + // name specifies a cookie name. Its value must be a valid HTTP cookie + // name as defined in RFC 6265 section 4.1. + // + // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$" + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=1024 + // +optional + Name string `json:"name"` + + // namePrefix specifies a cookie name prefix. Its value must be a valid + // HTTP cookie name as defined in RFC 6265 section 4.1. + // + // +kubebuilder:validation:Pattern="^[-!#$%&'*+.0-9A-Z^_`a-z|~]*$" + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=1024 + // +optional + NamePrefix string `json:"namePrefix"` + + // maxLength specifies a maximum length of the string that will be + // logged, which includes the cookie name, cookie value, and + // one-character delimiter. If the log entry exceeds this length, the + // value will be truncated in the log message. Note that the ingress + // controller may impose a separate bound on the total length of HTTP + // headers in a request. + // + // +kubebuilder:validation:Required + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=1024 + // +required + MaxLength int `json:"maxLength"` +} + // AccessLogging describes how client requests should be logged. type AccessLogging struct { // destination is where access logs go. @@ -601,8 +724,34 @@ type AccessLogging struct { // HAProxy documentation: // http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 // + // Note that this format only applies to cleartext HTTP connections + // and to secure HTTP connections for which the ingress controller + // terminates encryption (that is, edge-terminated or reencrypt + // connections). It does not affect the log format for TLS passthrough + // connections. + // // +optional HttpLogFormat string `json:"httpLogFormat,omitempty"` + + // httpCaptureHeaders defines HTTP headers that should be captured in + // access logs. If this field is empty, no headers are captured. + // + // Note that this option only applies to cleartext HTTP connections + // and to secure HTTP connections for which the ingress controller + // terminates encryption (that is, edge-terminated or reencrypt + // connections). Headers cannot be captured for TLS passthrough + // connections. + // + // +optional + HTTPCaptureHeaders IngressControllerCaptureHTTPHeaders `json:"httpCaptureHeaders,omitempty"` + + // httpCaptureCookies specifies HTTP cookies that should be captured in + // access logs. If this field is empty, no cookies are captured. + // + // +nullable + // +optional + // +kubebuilder:validation:MaxItems=1 + HTTPCaptureCookies []IngressControllerCaptureHTTPCookie `json:"httpCaptureCookies,omitempty"` } // IngressControllerLogging describes what should be logged where. @@ -632,6 +781,35 @@ const ( NeverHTTPHeaderPolicy IngressControllerHTTPHeaderPolicy = "Never" ) +// IngressControllerHTTPUniqueIdHeaderPolicy describes configuration for a +// unique id header. +type IngressControllerHTTPUniqueIdHeaderPolicy struct { + // name specifies the name of the HTTP header (for example, "unique-id") + // that the ingress controller should inject into HTTP requests. The + // field's value must be a valid HTTP header name as defined in RFC 2616 + // section 4.2. If the field is empty, no header is injected. + // + // +optional + // +kubebuilder:validation:Pattern="^$|^[-!#$%&'*+.0-9A-Z^_`a-z|~]+$" + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=1024 + Name string `json:"name,omitempty"` + + // format specifies the format for the injected HTTP header's value. + // This field has no effect unless name is specified. For the + // HAProxy-based ingress controller implementation, this format uses the + // same syntax as the HTTP log format. If the field is empty, the + // default value is "%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid"; see the + // corresponding HAProxy documentation: + // http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3 + // + // +optional + // +kubebuilder:validation:Pattern="^(%(%|(\\{[-+]?[QXE](,[-+]?[QXE])*\\})?([A-Za-z]+|\\[[.0-9A-Z_a-z]+(\\([^)]+\\))?(,[.0-9A-Z_a-z]+(\\([^)]+\\))?)*\\]))|[^%[:cntrl:]])*$" + // +kubebuilder:validation:MinLength=0 + // +kubebuilder:validation:MaxLength=1024 + Format string `json:"format,omitempty"` +} + // IngressControllerHTTPHeaders specifies how the IngressController handles // certain HTTP headers. type IngressControllerHTTPHeaders struct { @@ -656,6 +834,18 @@ type IngressControllerHTTPHeaders struct { // // +optional ForwardedHeaderPolicy IngressControllerHTTPHeaderPolicy `json:"forwardedHeaderPolicy,omitempty"` + + // uniqueId describes configuration for a custom HTTP header that the + // ingress controller should inject into incoming HTTP requests. + // Typically, this header is configured to have a value that is unique + // to the HTTP request. The header can be used by applications or + // included in access logs to facilitate tracing individual HTTP + // requests. + // + // If this field is empty, no such header is injected into requests. + // + // +optional + UniqueId IngressControllerHTTPUniqueIdHeaderPolicy `json:"uniqueId,omitempty"` } var ( diff --git a/vendor/github.com/openshift/api/operator/v1/types_network.go b/vendor/github.com/openshift/api/operator/v1/types_network.go index 834fb2b704..7e678d11ae 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_network.go +++ b/vendor/github.com/openshift/api/operator/v1/types_network.go @@ -79,12 +79,14 @@ type NetworkSpec struct { } // ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size -// HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. +// HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If +// the HostPrefix field is not used by the plugin, it can be left unset. // Not all network providers support multiple ClusterNetworks type ClusterNetworkEntry struct { CIDR string `json:"cidr"` // +kubebuilder:validation:Minimum=0 - HostPrefix uint32 `json:"hostPrefix"` + // +optional + HostPrefix uint32 `json:"hostPrefix,omitempty"` } // DefaultNetworkDefinition represents a single network plugin's configuration. diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index ab73668bc2..4fbc10cf23 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -73,6 +73,12 @@ func (in *AWSNetworkLoadBalancerParameters) DeepCopy() *AWSNetworkLoadBalancerPa func (in *AccessLogging) DeepCopyInto(out *AccessLogging) { *out = *in in.Destination.DeepCopyInto(&out.Destination) + in.HTTPCaptureHeaders.DeepCopyInto(&out.HTTPCaptureHeaders) + if in.HTTPCaptureCookies != nil { + in, out := &in.HTTPCaptureCookies, &out.HTTPCaptureCookies + *out = make([]IngressControllerCaptureHTTPCookie, len(*in)) + copy(*out, *in) + } return } @@ -203,22 +209,6 @@ func (in *AuthenticationStatus) DeepCopy() *AuthenticationStatus { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *CSIDriverConfig) DeepCopyInto(out *CSIDriverConfig) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CSIDriverConfig. -func (in *CSIDriverConfig) DeepCopy() *CSIDriverConfig { - if in == nil { - return nil - } - out := new(CSIDriverConfig) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CSISnapshotController) DeepCopyInto(out *CSISnapshotController) { *out = *in @@ -314,6 +304,101 @@ func (in *CSISnapshotControllerStatus) DeepCopy() *CSISnapshotControllerStatus { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudCredential) DeepCopyInto(out *CloudCredential) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + in.Status.DeepCopyInto(&out.Status) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudCredential. +func (in *CloudCredential) DeepCopy() *CloudCredential { + if in == nil { + return nil + } + out := new(CloudCredential) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CloudCredential) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudCredentialList) DeepCopyInto(out *CloudCredentialList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]CloudCredential, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudCredentialList. +func (in *CloudCredentialList) DeepCopy() *CloudCredentialList { + if in == nil { + return nil + } + out := new(CloudCredentialList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *CloudCredentialList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudCredentialSpec) DeepCopyInto(out *CloudCredentialSpec) { + *out = *in + in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudCredentialSpec. +func (in *CloudCredentialSpec) DeepCopy() *CloudCredentialSpec { + if in == nil { + return nil + } + out := new(CloudCredentialSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *CloudCredentialStatus) DeepCopyInto(out *CloudCredentialStatus) { + *out = *in + in.OperatorStatus.DeepCopyInto(&out.OperatorStatus) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CloudCredentialStatus. +func (in *CloudCredentialStatus) DeepCopy() *CloudCredentialStatus { + if in == nil { + return nil + } + out := new(CloudCredentialStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ClusterCSIDriver) DeepCopyInto(out *ClusterCSIDriver) { *out = *in @@ -379,7 +464,6 @@ func (in *ClusterCSIDriverList) DeepCopyObject() runtime.Object { func (in *ClusterCSIDriverSpec) DeepCopyInto(out *ClusterCSIDriverSpec) { *out = *in in.OperatorSpec.DeepCopyInto(&out.OperatorSpec) - out.DriverConfig = in.DriverConfig return } @@ -1087,9 +1171,68 @@ func (in *IngressController) DeepCopyObject() runtime.Object { return nil } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerCaptureHTTPCookie) DeepCopyInto(out *IngressControllerCaptureHTTPCookie) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerCaptureHTTPCookie. +func (in *IngressControllerCaptureHTTPCookie) DeepCopy() *IngressControllerCaptureHTTPCookie { + if in == nil { + return nil + } + out := new(IngressControllerCaptureHTTPCookie) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerCaptureHTTPHeader) DeepCopyInto(out *IngressControllerCaptureHTTPHeader) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerCaptureHTTPHeader. +func (in *IngressControllerCaptureHTTPHeader) DeepCopy() *IngressControllerCaptureHTTPHeader { + if in == nil { + return nil + } + out := new(IngressControllerCaptureHTTPHeader) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerCaptureHTTPHeaders) DeepCopyInto(out *IngressControllerCaptureHTTPHeaders) { + *out = *in + if in.Request != nil { + in, out := &in.Request, &out.Request + *out = make([]IngressControllerCaptureHTTPHeader, len(*in)) + copy(*out, *in) + } + if in.Response != nil { + in, out := &in.Response, &out.Response + *out = make([]IngressControllerCaptureHTTPHeader, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerCaptureHTTPHeaders. +func (in *IngressControllerCaptureHTTPHeaders) DeepCopy() *IngressControllerCaptureHTTPHeaders { + if in == nil { + return nil + } + out := new(IngressControllerCaptureHTTPHeaders) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressControllerHTTPHeaders) DeepCopyInto(out *IngressControllerHTTPHeaders) { *out = *in + out.UniqueId = in.UniqueId return } @@ -1103,6 +1246,22 @@ func (in *IngressControllerHTTPHeaders) DeepCopy() *IngressControllerHTTPHeaders return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *IngressControllerHTTPUniqueIdHeaderPolicy) DeepCopyInto(out *IngressControllerHTTPUniqueIdHeaderPolicy) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IngressControllerHTTPUniqueIdHeaderPolicy. +func (in *IngressControllerHTTPUniqueIdHeaderPolicy) DeepCopy() *IngressControllerHTTPUniqueIdHeaderPolicy { + if in == nil { + return nil + } + out := new(IngressControllerHTTPUniqueIdHeaderPolicy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *IngressControllerList) DeepCopyInto(out *IngressControllerList) { *out = *in diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index c3ba371d1d..f4cef5edd3 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -57,7 +57,7 @@ func (OperatorCondition) SwaggerDoc() map[string]string { var map_OperatorSpec = map[string]string{ "": "OperatorSpec contains common fields operators need. It is intended to be anonymous included inside of the Spec struct for your particular operator.", "managementState": "managementState indicates whether and how the operator should manage the component", - "logLevel": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.", + "logLevel": "logLevel is an intent based logging for an overall component. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for their operands.\n\nValid values are: \"Normal\", \"Debug\", \"Trace\", \"TraceAll\". Defaults to \"Normal\".", "operatorLogLevel": "operatorLogLevel is an intent based logging for the operator itself. It does not give fine grained control, but it is a simple way to manage coarse grained logging choices that operators have to interpret for themselves.", "unsupportedConfigOverrides": "unsupportedConfigOverrides holds a sparse config that will override any previously set options. It only needs to be the fields to override it will end up overlaying in the following order: 1. hardcoded defaults 2. observedConfig 3. unsupportedConfigOverrides", "observedConfig": "observedConfig holds a sparse config that controller has observed from the cluster state. It exists in spec because it is an input to the level for the operator", @@ -134,6 +134,31 @@ func (OAuthAPIServerStatus) SwaggerDoc() map[string]string { return map_OAuthAPIServerStatus } +var map_CloudCredential = map[string]string{ + "": "CloudCredential provides a means to configure an operator to manage CredentialsRequests.", +} + +func (CloudCredential) SwaggerDoc() map[string]string { + return map_CloudCredential +} + +var map_CloudCredentialSpec = map[string]string{ + "": "CloudCredentialSpec is the specification of the desired behavior of the cloud-credential-operator.", + "credentialsMode": "CredentialsMode allows informing CCO that it should not attempt to dynamically determine the root cloud credentials capabilities, and it should just run in the specified mode. It also allows putting the operator into \"manual\" mode if desired. Leaving the field in default mode runs CCO so that the cluster's cloud credentials will be dynamically probed for capabilities (on supported clouds/platforms).", +} + +func (CloudCredentialSpec) SwaggerDoc() map[string]string { + return map_CloudCredentialSpec +} + +var map_CloudCredentialStatus = map[string]string{ + "": "CloudCredentialStatus defines the observed status of the cloud-credential-operator.", +} + +func (CloudCredentialStatus) SwaggerDoc() map[string]string { + return map_CloudCredentialStatus +} + var map_Config = map[string]string{ "": "Config provides information to configure the config operator.", "spec": "spec is the specification of the desired behavior of the Config Operator.", @@ -220,17 +245,8 @@ func (StatuspageProvider) SwaggerDoc() map[string]string { return map_StatuspageProvider } -var map_CSIDriverConfig = map[string]string{ - "": "CSIDriverConfig is the CSI driver specific configuration", - "driverName": "DriverName holds the name of the CSI driver", -} - -func (CSIDriverConfig) SwaggerDoc() map[string]string { - return map_CSIDriverConfig -} - var map_ClusterCSIDriver = map[string]string{ - "": "ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift.", + "": "ClusterCSIDriver object allows management and configuration of a CSI driver operator installed by default in OpenShift. Name of the object must be name of the CSI driver it operates. See CSIDriverName type for list of allowed values.", "spec": "spec holds user settable values for configuration", "status": "status holds observed values from the cluster. They may not be overridden.", } @@ -400,9 +416,11 @@ func (AWSNetworkLoadBalancerParameters) SwaggerDoc() map[string]string { } var map_AccessLogging = map[string]string{ - "": "AccessLogging describes how client requests should be logged.", - "destination": "destination is where access logs go.", - "httpLogFormat": "httpLogFormat specifies the format of the log message for an HTTP request.\n\nIf this field is empty, log messages use the implementation's default HTTP log format. For HAProxy's default HTTP log format, see the HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3", + "": "AccessLogging describes how client requests should be logged.", + "destination": "destination is where access logs go.", + "httpLogFormat": "httpLogFormat specifies the format of the log message for an HTTP request.\n\nIf this field is empty, log messages use the implementation's default HTTP log format. For HAProxy's default HTTP log format, see the HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3\n\nNote that this format only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). It does not affect the log format for TLS passthrough connections.", + "httpCaptureHeaders": "httpCaptureHeaders defines HTTP headers that should be captured in access logs. If this field is empty, no headers are captured.\n\nNote that this option only applies to cleartext HTTP connections and to secure HTTP connections for which the ingress controller terminates encryption (that is, edge-terminated or reencrypt connections). Headers cannot be captured for TLS passthrough connections.", + "httpCaptureCookies": "httpCaptureCookies specifies HTTP cookies that should be captured in access logs. If this field is empty, no cookies are captured.", } func (AccessLogging) SwaggerDoc() map[string]string { @@ -448,15 +466,58 @@ func (IngressController) SwaggerDoc() map[string]string { return map_IngressController } +var map_IngressControllerCaptureHTTPCookie = map[string]string{ + "": "IngressControllerCaptureHTTPCookie describes an HTTP cookie that should be captured.", + "matchType": "matchType specifies the type of match to be performed on the cookie name. Allowed values are \"Exact\" for an exact string match and \"Prefix\" for a string prefix match. If \"Exact\" is specified, a name must be specified in the name field. If \"Prefix\" is provided, a prefix must be specified in the namePrefix field. For example, specifying matchType \"Prefix\" and namePrefix \"foo\" will capture a cookie named \"foo\" or \"foobar\" but not one named \"bar\". The first matching cookie is captured.", + "name": "name specifies a cookie name. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", + "namePrefix": "namePrefix specifies a cookie name prefix. Its value must be a valid HTTP cookie name as defined in RFC 6265 section 4.1.", + "maxLength": "maxLength specifies a maximum length of the string that will be logged, which includes the cookie name, cookie value, and one-character delimiter. If the log entry exceeds this length, the value will be truncated in the log message. Note that the ingress controller may impose a separate bound on the total length of HTTP headers in a request.", +} + +func (IngressControllerCaptureHTTPCookie) SwaggerDoc() map[string]string { + return map_IngressControllerCaptureHTTPCookie +} + +var map_IngressControllerCaptureHTTPHeader = map[string]string{ + "": "IngressControllerCaptureHTTPHeader describes an HTTP header that should be captured.", + "name": "name specifies a header name. Its value must be a valid HTTP header name as defined in RFC 2616 section 4.2.", + "maxLength": "maxLength specifies a maximum length for the header value. If a header value exceeds this length, the value will be truncated in the log message. Note that the ingress controller may impose a separate bound on the total length of HTTP headers in a request.", +} + +func (IngressControllerCaptureHTTPHeader) SwaggerDoc() map[string]string { + return map_IngressControllerCaptureHTTPHeader +} + +var map_IngressControllerCaptureHTTPHeaders = map[string]string{ + "": "IngressControllerCaptureHTTPHeaders specifies which HTTP headers the IngressController captures.", + "request": "request specifies which HTTP request headers to capture.\n\nIf this field is empty, no request headers are captured.", + "response": "response specifies which HTTP response headers to capture.\n\nIf this field is empty, no response headers are captured.", +} + +func (IngressControllerCaptureHTTPHeaders) SwaggerDoc() map[string]string { + return map_IngressControllerCaptureHTTPHeaders +} + var map_IngressControllerHTTPHeaders = map[string]string{ "": "IngressControllerHTTPHeaders specifies how the IngressController handles certain HTTP headers.", "forwardedHeaderPolicy": "forwardedHeaderPolicy specifies when and how the IngressController sets the Forwarded, X-Forwarded-For, X-Forwarded-Host, X-Forwarded-Port, X-Forwarded-Proto, and X-Forwarded-Proto-Version HTTP headers. The value may be one of the following:\n\n* \"Append\", which specifies that the IngressController appends the\n headers, preserving existing headers.\n\n* \"Replace\", which specifies that the IngressController sets the\n headers, replacing any existing Forwarded or X-Forwarded-* headers.\n\n* \"IfNone\", which specifies that the IngressController sets the\n headers if they are not already set.\n\n* \"Never\", which specifies that the IngressController never sets the\n headers, preserving any existing headers.\n\nBy default, the policy is \"Append\".", + "uniqueId": "uniqueId describes configuration for a custom HTTP header that the ingress controller should inject into incoming HTTP requests. Typically, this header is configured to have a value that is unique to the HTTP request. The header can be used by applications or included in access logs to facilitate tracing individual HTTP requests.\n\nIf this field is empty, no such header is injected into requests.", } func (IngressControllerHTTPHeaders) SwaggerDoc() map[string]string { return map_IngressControllerHTTPHeaders } +var map_IngressControllerHTTPUniqueIdHeaderPolicy = map[string]string{ + "": "IngressControllerHTTPUniqueIdHeaderPolicy describes configuration for a unique id header.", + "name": "name specifies the name of the HTTP header (for example, \"unique-id\") that the ingress controller should inject into HTTP requests. The field's value must be a valid HTTP header name as defined in RFC 2616 section 4.2. If the field is empty, no header is injected.", + "format": "format specifies the format for the injected HTTP header's value. This field has no effect unless name is specified. For the HAProxy-based ingress controller implementation, this format uses the same syntax as the HTTP log format. If the field is empty, the default value is \"%{+X}o\\ %ci:%cp_%fi:%fp_%Ts_%rt:%pid\"; see the corresponding HAProxy documentation: http://cbonte.github.io/haproxy-dconv/2.0/configuration.html#8.2.3", +} + +func (IngressControllerHTTPUniqueIdHeaderPolicy) SwaggerDoc() map[string]string { + return map_IngressControllerHTTPUniqueIdHeaderPolicy +} + var map_IngressControllerList = map[string]string{ "": "IngressControllerList contains a list of IngressControllers.", } @@ -479,7 +540,7 @@ var map_IngressControllerSpec = map[string]string{ "domain": "domain is a DNS name serviced by the ingress controller and is used to configure multiple features:\n\n* For the LoadBalancerService endpoint publishing strategy, domain is\n used to configure DNS records. See endpointPublishingStrategy.\n\n* When using a generated default certificate, the certificate will be valid\n for domain and its subdomains. See defaultCertificate.\n\n* The value is published to individual Route statuses so that end-users\n know where to target external DNS records.\n\ndomain must be unique among all IngressControllers, and cannot be updated.\n\nIf empty, defaults to ingress.config.openshift.io/cluster .spec.domain.", "replicas": "replicas is the desired number of ingress controller replicas. If unset, defaults to 2.", "endpointPublishingStrategy": "endpointPublishingStrategy is used to publish the ingress controller endpoints to other networks, enable load balancer integrations, etc.\n\nIf unset, the default is based on infrastructure.config.openshift.io/cluster .status.platform:\n\n AWS: LoadBalancerService (with External scope)\n Azure: LoadBalancerService (with External scope)\n GCP: LoadBalancerService (with External scope)\n IBMCloud: LoadBalancerService (with External scope)\n Libvirt: HostNetwork\n\nAny other platform types (including None) default to HostNetwork.\n\nendpointPublishingStrategy cannot be updated.", - "defaultCertificate": "defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used.\n\nThe secret must contain the following keys and data:\n\n tls.crt: certificate file contents\n tls.key: key file contents\n\nIf unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated with the cluster's trust store.\n\nThe in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift's built-in OAuth server.", + "defaultCertificate": "defaultCertificate is a reference to a secret containing the default certificate served by the ingress controller. When Routes don't specify their own certificate, defaultCertificate is used.\n\nThe secret must contain the following keys and data:\n\n tls.crt: certificate file contents\n tls.key: key file contents\n\nIf unset, a wildcard certificate is automatically generated and used. The certificate is valid for the ingress controller domain (and subdomains) and the generated certificate's CA will be automatically integrated with the cluster's trust store.\n\nIf a wildcard certificate is used and shared by multiple HTTP/2 enabled routes (which implies ALPN) then clients (i.e., notably browsers) are at liberty to reuse open connections. This means a client can reuse a connection to another route and that is likely to fail. This behaviour is generally known as connection coalescing.\n\nThe in-use certificate (whether generated or user-specified) will be automatically integrated with OpenShift's built-in OAuth server.", "namespaceSelector": "namespaceSelector is used to filter the set of namespaces serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", "routeSelector": "routeSelector is used to filter the set of Routes serviced by the ingress controller. This is useful for implementing shards.\n\nIf unset, the default is no filtering.", "nodePlacement": "nodePlacement enables explicit control over the scheduling of the ingress controller.\n\nIf unset, defaults are used. See NodePlacement for more details.", @@ -655,7 +716,7 @@ func (AdditionalNetworkDefinition) SwaggerDoc() map[string]string { } var map_ClusterNetworkEntry = map[string]string{ - "": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. Not all network providers support multiple ClusterNetworks", + "": "ClusterNetworkEntry is a subnet from which to allocate PodIPs. A network of size HostPrefix (in CIDR notation) will be allocated when nodes join the cluster. If the HostPrefix field is not used by the plugin, it can be left unset. Not all network providers support multiple ClusterNetworks", } func (ClusterNetworkEntry) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml index b28b0415c9..66cb5c6a3e 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: imagecontentsourcepolicies.operator.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: operator.openshift.io scope: Cluster diff --git a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml index ddd34c42e1..5cc8e56f90 100644 --- a/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml +++ b/vendor/github.com/openshift/api/operatorcontrolplane/v1alpha1/0000_10-pod-network-connectivity-check.crd.yaml @@ -1,6 +1,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: + annotations: + include.release.openshift.io/self-managed-high-availability: "true" creationTimestamp: null name: podnetworkconnectivitychecks.controlplane.operator.openshift.io spec: diff --git a/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml b/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml index 8c425675c8..8382490414 100644 --- a/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml +++ b/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml @@ -1,6 +1,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: + annotations: + include.release.openshift.io/self-managed-high-availability: "true" name: clusterresourcequotas.quota.openshift.io spec: group: quota.openshift.io @@ -39,6 +41,10 @@ spec: properties: hard: additionalProperties: + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ type: "" x-kubernetes-int-or-string: true description: 'hard is the set of desired hard limits for each named @@ -174,13 +180,21 @@ spec: properties: hard: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' type: object used: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: Used is the current observed total usage of the resource in the namespace. type: object @@ -197,13 +211,21 @@ spec: properties: hard: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: 'Hard is the set of enforced hard limits for each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' type: object used: additionalProperties: - type: string + anyOf: + - type: integer + - type: string + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true description: Used is the current observed total usage of the resource in the namespace. type: object diff --git a/vendor/github.com/openshift/api/route/v1/generated.proto b/vendor/github.com/openshift/api/route/v1/generated.proto index 24476e1a3c..c4bc446e34 100644 --- a/vendor/github.com/openshift/api/route/v1/generated.proto +++ b/vendor/github.com/openshift/api/route/v1/generated.proto @@ -30,6 +30,14 @@ option go_package = "v1"; // return information to clients about the names and states of the route under each router. // If a client chooses a duplicate name, for instance, the route status conditions are used // to indicate the route cannot be chosen. +// +// To enable HTTP/2 ALPN on a route it requires a custom +// (non-wildcard) certificate. This prevents connection coalescing by +// clients, notably web browsers. We do not support HTTP/2 ALPN on +// routes that use the default certificate because of the risk of +// connection re-use/coalescing. Routes that do not have their own +// custom certificate will not be HTTP/2 ALPN-enabled on either the +// frontend or the backend. message Route { optional k8s.io.apimachinery.pkg.apis.meta.v1.ObjectMeta metadata = 1; diff --git a/vendor/github.com/openshift/api/route/v1/types.go b/vendor/github.com/openshift/api/route/v1/types.go index 6c9d80b98a..9e59c69782 100644 --- a/vendor/github.com/openshift/api/route/v1/types.go +++ b/vendor/github.com/openshift/api/route/v1/types.go @@ -26,6 +26,14 @@ import ( // return information to clients about the names and states of the route under each router. // If a client chooses a duplicate name, for instance, the route status conditions are used // to indicate the route cannot be chosen. +// +// To enable HTTP/2 ALPN on a route it requires a custom +// (non-wildcard) certificate. This prevents connection coalescing by +// clients, notably web browsers. We do not support HTTP/2 ALPN on +// routes that use the default certificate because of the risk of +// connection re-use/coalescing. Routes that do not have their own +// custom certificate will not be HTTP/2 ALPN-enabled on either the +// frontend or the backend. type Route struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"` diff --git a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go index c0fc24b653..9974795f62 100644 --- a/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/route/v1/zz_generated.swagger_doc_generated.go @@ -12,7 +12,7 @@ package v1 // AUTO-GENERATED FUNCTIONS START HERE var map_Route = map[string]string{ - "": "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.\n\nOnce a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.\n\nRouters are subject to additional customization and may support additional controls via the annotations field.\n\nBecause administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.", + "": "A route allows developers to expose services through an HTTP(S) aware load balancing and proxy layer via a public DNS entry. The route may further specify TLS options and a certificate, or specify a public CNAME that the router should also accept for HTTP and HTTPS traffic. An administrator typically configures their router to be visible outside the cluster firewall, and may also add additional security, caching, or traffic controls on the service content. Routers usually talk directly to the service endpoints.\n\nOnce a route is created, the `host` field may not be changed. Generally, routers use the oldest route with a given host when resolving conflicts.\n\nRouters are subject to additional customization and may support additional controls via the annotations field.\n\nBecause administrators may configure multiple routers, the route status field is used to return information to clients about the names and states of the route under each router. If a client chooses a duplicate name, for instance, the route status conditions are used to indicate the route cannot be chosen.\n\nTo enable HTTP/2 ALPN on a route it requires a custom (non-wildcard) certificate. This prevents connection coalescing by clients, notably web browsers. We do not support HTTP/2 ALPN on routes that use the default certificate because of the risk of connection re-use/coalescing. Routes that do not have their own custom certificate will not be HTTP/2 ALPN-enabled on either the frontend or the backend.", "spec": "spec is the desired state of the route", "status": "status is the current state of the route", } diff --git a/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml b/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml index 80d451c647..e8f10ce7d8 100644 --- a/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml +++ b/vendor/github.com/openshift/api/security/v1/0000_03_security-openshift_01_scc.crd.yaml @@ -2,6 +2,8 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: securitycontextconstraints.security.openshift.io + annotations: + include.release.openshift.io/self-managed-high-availability: "true" spec: group: security.openshift.io names: diff --git a/vendor/github.com/openshift/build-machinery-go/make/lib/golang.mk b/vendor/github.com/openshift/build-machinery-go/make/lib/golang.mk index 857ddc9b57..3841aff135 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/lib/golang.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/lib/golang.mk @@ -17,7 +17,7 @@ GOFMT_FLAGS ?=-s -l GOLINT ?=golint go_version :=$(shell $(GO) version | sed -E -e 's/.*go([0-9]+.[0-9]+.[0-9]+).*/\1/') -GO_REQUIRED_MIN_VERSION ?=1.13.4 +GO_REQUIRED_MIN_VERSION ?=1.14.4 ifneq "$(GO_REQUIRED_MIN_VERSION)" "" $(call require_minimal_version,$(GO),GO_REQUIRED_MIN_VERSION,$(go_version)) endif diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/controller-gen.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/controller-gen.mk index eeb29d7d35..c8dc0ac46e 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/controller-gen.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/controller-gen.mk @@ -1,6 +1,6 @@ self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) -CONTROLLER_GEN_VERSION ?=v0.2.1-37-ga3cca5d +CONTROLLER_GEN_VERSION ?=v0.2.5 CONTROLLER_GEN ?=$(PERMANENT_TMP_GOPATH)/bin/controller-gen controller_gen_dir :=$(dir $(CONTROLLER_GEN)) diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/crd-schema-gen.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/crd-schema-gen.mk index ce8d22f72d..3a24a57e15 100644 --- a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/crd-schema-gen.mk +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/crd-schema-gen.mk @@ -2,11 +2,19 @@ self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) # $1 - crd file # $2 - patch file -define patch-crd +define patch-crd-yq $(YQ) m -i -x '$(1)' '$(2)' endef +# $1 - crd file +# $2 - patch file +define patch-crd-yaml-patch + $(YAML_PATCH) -o '$(2)' < '$(1)' > '$(1).patched' + mv '$(1).patched' '$(1)' + +endef + empty := define diff-file @@ -22,7 +30,8 @@ define run-crd-gen schemapatch:manifests="$(2)" \ paths="$(subst $(empty) ,;,$(1))" \ output:dir="$(3)" - $$(foreach p,$$(wildcard $(2)/*.crd.yaml-merge-patch),$$(call patch-crd,$$(subst $(2),$(3),$$(basename $$(p))).yaml,$$(p))) + $$(foreach p,$$(wildcard $(2)/*.crd.yaml-merge-patch),$$(call patch-crd-yq,$$(subst $(2),$(3),$$(basename $$(p))).yaml,$$(p))) + $$(foreach p,$$(wildcard $(2)/*.crd.yaml-patch),$$(call patch-crd-yaml-patch,$$(subst $(2),$(3),$$(basename $$(p))).yaml,$$(p))) endef @@ -32,7 +41,7 @@ endef # $4 - output define add-crd-gen-internal -update-codegen-crds-$(1): ensure-controller-gen ensure-yq +update-codegen-crds-$(1): ensure-controller-gen ensure-yq ensure-yaml-patch $(call run-crd-gen,$(2),$(3),$(4)) .PHONY: update-codegen-crds-$(1) @@ -40,7 +49,7 @@ update-codegen-crds: update-codegen-crds-$(1) .PHONY: update-codegen-crds verify-codegen-crds-$(1): VERIFY_CODEGEN_CRD_TMP_DIR:=$$(shell mktemp -d) -verify-codegen-crds-$(1): ensure-controller-gen ensure-yq +verify-codegen-crds-$(1): ensure-controller-gen ensure-yq ensure-yaml-patch $(call run-crd-gen,$(2),$(3),$$(VERIFY_CODEGEN_CRD_TMP_DIR)) $$(foreach p,$$(wildcard $(3)/*crd.yaml),$$(call diff-file,$$(p),$$(subst $(3),$$(VERIFY_CODEGEN_CRD_TMP_DIR),$$(p)))) .PHONY: verify-codegen-crds-$(1) @@ -77,4 +86,5 @@ include $(addprefix $(self_dir), \ ../../lib/tmp.mk \ ../../targets/openshift/controller-gen.mk \ ../../targets/openshift/yq.mk \ + ../../targets/openshift/yaml-patch.mk \ ) diff --git a/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/yaml-patch.mk b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/yaml-patch.mk new file mode 100644 index 0000000000..d6569e6097 --- /dev/null +++ b/vendor/github.com/openshift/build-machinery-go/make/targets/openshift/yaml-patch.mk @@ -0,0 +1,32 @@ +self_dir :=$(dir $(lastword $(MAKEFILE_LIST))) + +YAML_PATCH ?=$(PERMANENT_TMP_GOPATH)/bin/yaml-patch +yaml_patch_dir :=$(dir $(YAML_PATCH)) + + +ensure-yaml-patch: +ifeq "" "$(wildcard $(YAML_PATCH))" + $(info Installing yaml-patch into '$(YAML_PATCH)') + mkdir -p '$(yaml_patch_dir)' + curl -s -f -L https://github.com/krishicks/yaml-patch/releases/download/v0.0.10/yaml_patch_$(GOHOSTOS) -o '$(YAML_PATCH)' + chmod +x '$(YAML_PATCH)'; +else + $(info Using existing yaml-patch from "$(YAML_PATCH)") +endif +.PHONY: ensure-yaml-patch + +clean-yaml-patch: + $(RM) '$(YAML_PATCH)' + if [ -d '$(yaml_patch_dir)' ]; then rmdir --ignore-fail-on-non-empty -p '$(yaml_patch_dir)'; fi +.PHONY: clean-yaml-patch + +clean: clean-yaml-patch + + +# We need to be careful to expand all the paths before any include is done +# or self_dir could be modified for the next include by the included file. +# Also doing this at the end of the file allows us to use self_dir before it could be modified. +include $(addprefix $(self_dir), \ + ../../lib/golang.mk \ + ../../lib/tmp.mk \ +) diff --git a/vendor/github.com/openshift/client-go/config/clientset/versioned/fake/register.go b/vendor/github.com/openshift/client-go/config/clientset/versioned/fake/register.go index 86ddd0f721..94a788d5fb 100644 --- a/vendor/github.com/openshift/client-go/config/clientset/versioned/fake/register.go +++ b/vendor/github.com/openshift/client-go/config/clientset/versioned/fake/register.go @@ -13,7 +13,7 @@ import ( var scheme = runtime.NewScheme() var codecs = serializer.NewCodecFactory(scheme) -var parameterCodec = runtime.NewParameterCodec(scheme) + var localSchemeBuilder = runtime.SchemeBuilder{ configv1.AddToScheme, } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/apiserver.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/apiserver.go index 63bb7ecfdc..247e40017b 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/apiserver.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/apiserver.go @@ -10,10 +10,13 @@ import ( ) // APIServerLister helps list APIServers. +// All objects returned here must be treated as read-only. type APIServerLister interface { // List lists all APIServers in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.APIServer, err error) // Get retrieves the APIServer from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.APIServer, error) APIServerListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/authentication.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/authentication.go index 27c113a902..99cc824851 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/authentication.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/authentication.go @@ -10,10 +10,13 @@ import ( ) // AuthenticationLister helps list Authentications. +// All objects returned here must be treated as read-only. type AuthenticationLister interface { // List lists all Authentications in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.Authentication, err error) // Get retrieves the Authentication from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.Authentication, error) AuthenticationListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/build.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/build.go index e8fa1c564f..77a1a36ff8 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/build.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/build.go @@ -10,10 +10,13 @@ import ( ) // BuildLister helps list Builds. +// All objects returned here must be treated as read-only. type BuildLister interface { // List lists all Builds in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.Build, err error) // Get retrieves the Build from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.Build, error) BuildListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/clusteroperator.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/clusteroperator.go index bb88edee61..e4c95773a0 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/clusteroperator.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/clusteroperator.go @@ -10,10 +10,13 @@ import ( ) // ClusterOperatorLister helps list ClusterOperators. +// All objects returned here must be treated as read-only. type ClusterOperatorLister interface { // List lists all ClusterOperators in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.ClusterOperator, err error) // Get retrieves the ClusterOperator from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.ClusterOperator, error) ClusterOperatorListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/clusterversion.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/clusterversion.go index c053383a16..ab309a1b20 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/clusterversion.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/clusterversion.go @@ -10,10 +10,13 @@ import ( ) // ClusterVersionLister helps list ClusterVersions. +// All objects returned here must be treated as read-only. type ClusterVersionLister interface { // List lists all ClusterVersions in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.ClusterVersion, err error) // Get retrieves the ClusterVersion from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.ClusterVersion, error) ClusterVersionListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/console.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/console.go index 8a17d3e2b0..daaf7aa92f 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/console.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/console.go @@ -10,10 +10,13 @@ import ( ) // ConsoleLister helps list Consoles. +// All objects returned here must be treated as read-only. type ConsoleLister interface { // List lists all Consoles in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.Console, err error) // Get retrieves the Console from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.Console, error) ConsoleListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/dns.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/dns.go index 84ee547706..89441b3a9d 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/dns.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/dns.go @@ -10,10 +10,13 @@ import ( ) // DNSLister helps list DNSes. +// All objects returned here must be treated as read-only. type DNSLister interface { // List lists all DNSes in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.DNS, err error) // Get retrieves the DNS from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.DNS, error) DNSListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/featuregate.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/featuregate.go index cb2b6cf163..4c796e80ff 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/featuregate.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/featuregate.go @@ -10,10 +10,13 @@ import ( ) // FeatureGateLister helps list FeatureGates. +// All objects returned here must be treated as read-only. type FeatureGateLister interface { // List lists all FeatureGates in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.FeatureGate, err error) // Get retrieves the FeatureGate from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.FeatureGate, error) FeatureGateListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/image.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/image.go index 0696e718a6..f563f919a4 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/image.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/image.go @@ -10,10 +10,13 @@ import ( ) // ImageLister helps list Images. +// All objects returned here must be treated as read-only. type ImageLister interface { // List lists all Images in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.Image, err error) // Get retrieves the Image from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.Image, error) ImageListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/infrastructure.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/infrastructure.go index 90e4e54a96..33f4b229e2 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/infrastructure.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/infrastructure.go @@ -10,10 +10,13 @@ import ( ) // InfrastructureLister helps list Infrastructures. +// All objects returned here must be treated as read-only. type InfrastructureLister interface { // List lists all Infrastructures in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.Infrastructure, err error) // Get retrieves the Infrastructure from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.Infrastructure, error) InfrastructureListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/ingress.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/ingress.go index 7fff5b0554..78b0fd1254 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/ingress.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/ingress.go @@ -10,10 +10,13 @@ import ( ) // IngressLister helps list Ingresses. +// All objects returned here must be treated as read-only. type IngressLister interface { // List lists all Ingresses in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.Ingress, err error) // Get retrieves the Ingress from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.Ingress, error) IngressListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/network.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/network.go index 18c2fa73d7..174fdb45b7 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/network.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/network.go @@ -10,10 +10,13 @@ import ( ) // NetworkLister helps list Networks. +// All objects returned here must be treated as read-only. type NetworkLister interface { // List lists all Networks in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.Network, err error) // Get retrieves the Network from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.Network, error) NetworkListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/oauth.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/oauth.go index b09ca24b31..8d9882471b 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/oauth.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/oauth.go @@ -10,10 +10,13 @@ import ( ) // OAuthLister helps list OAuths. +// All objects returned here must be treated as read-only. type OAuthLister interface { // List lists all OAuths in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.OAuth, err error) // Get retrieves the OAuth from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.OAuth, error) OAuthListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/operatorhub.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/operatorhub.go index 21acaf91e1..b69a49471c 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/operatorhub.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/operatorhub.go @@ -10,10 +10,13 @@ import ( ) // OperatorHubLister helps list OperatorHubs. +// All objects returned here must be treated as read-only. type OperatorHubLister interface { // List lists all OperatorHubs in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.OperatorHub, err error) // Get retrieves the OperatorHub from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.OperatorHub, error) OperatorHubListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/project.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/project.go index 18c7fbd08d..30273ba6be 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/project.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/project.go @@ -10,10 +10,13 @@ import ( ) // ProjectLister helps list Projects. +// All objects returned here must be treated as read-only. type ProjectLister interface { // List lists all Projects in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.Project, err error) // Get retrieves the Project from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.Project, error) ProjectListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/proxy.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/proxy.go index 032f5d125d..8ecb633c3e 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/proxy.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/proxy.go @@ -10,10 +10,13 @@ import ( ) // ProxyLister helps list Proxies. +// All objects returned here must be treated as read-only. type ProxyLister interface { // List lists all Proxies in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.Proxy, err error) // Get retrieves the Proxy from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.Proxy, error) ProxyListerExpansion } diff --git a/vendor/github.com/openshift/client-go/config/listers/config/v1/scheduler.go b/vendor/github.com/openshift/client-go/config/listers/config/v1/scheduler.go index 7074a8b71a..3e2f81ea44 100644 --- a/vendor/github.com/openshift/client-go/config/listers/config/v1/scheduler.go +++ b/vendor/github.com/openshift/client-go/config/listers/config/v1/scheduler.go @@ -10,10 +10,13 @@ import ( ) // SchedulerLister helps list Schedulers. +// All objects returned here must be treated as read-only. type SchedulerLister interface { // List lists all Schedulers in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.Scheduler, err error) // Get retrieves the Scheduler from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.Scheduler, error) SchedulerListerExpansion } diff --git a/vendor/github.com/openshift/client-go/quota/clientset/versioned/fake/register.go b/vendor/github.com/openshift/client-go/quota/clientset/versioned/fake/register.go index b302914e11..c071a822e1 100644 --- a/vendor/github.com/openshift/client-go/quota/clientset/versioned/fake/register.go +++ b/vendor/github.com/openshift/client-go/quota/clientset/versioned/fake/register.go @@ -13,7 +13,7 @@ import ( var scheme = runtime.NewScheme() var codecs = serializer.NewCodecFactory(scheme) -var parameterCodec = runtime.NewParameterCodec(scheme) + var localSchemeBuilder = runtime.SchemeBuilder{ quotav1.AddToScheme, } diff --git a/vendor/github.com/openshift/client-go/quota/listers/quota/v1/appliedclusterresourcequota.go b/vendor/github.com/openshift/client-go/quota/listers/quota/v1/appliedclusterresourcequota.go index e5b1c92f45..1f2e026b56 100644 --- a/vendor/github.com/openshift/client-go/quota/listers/quota/v1/appliedclusterresourcequota.go +++ b/vendor/github.com/openshift/client-go/quota/listers/quota/v1/appliedclusterresourcequota.go @@ -10,8 +10,10 @@ import ( ) // AppliedClusterResourceQuotaLister helps list AppliedClusterResourceQuotas. +// All objects returned here must be treated as read-only. type AppliedClusterResourceQuotaLister interface { // List lists all AppliedClusterResourceQuotas in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.AppliedClusterResourceQuota, err error) // AppliedClusterResourceQuotas returns an object that can list and get AppliedClusterResourceQuotas. AppliedClusterResourceQuotas(namespace string) AppliedClusterResourceQuotaNamespaceLister @@ -42,10 +44,13 @@ func (s *appliedClusterResourceQuotaLister) AppliedClusterResourceQuotas(namespa } // AppliedClusterResourceQuotaNamespaceLister helps list and get AppliedClusterResourceQuotas. +// All objects returned here must be treated as read-only. type AppliedClusterResourceQuotaNamespaceLister interface { // List lists all AppliedClusterResourceQuotas in the indexer for a given namespace. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.AppliedClusterResourceQuota, err error) // Get retrieves the AppliedClusterResourceQuota from the indexer for a given namespace and name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.AppliedClusterResourceQuota, error) AppliedClusterResourceQuotaNamespaceListerExpansion } diff --git a/vendor/github.com/openshift/client-go/quota/listers/quota/v1/clusterresourcequota.go b/vendor/github.com/openshift/client-go/quota/listers/quota/v1/clusterresourcequota.go index 487da11217..dffa1f0f71 100644 --- a/vendor/github.com/openshift/client-go/quota/listers/quota/v1/clusterresourcequota.go +++ b/vendor/github.com/openshift/client-go/quota/listers/quota/v1/clusterresourcequota.go @@ -10,10 +10,13 @@ import ( ) // ClusterResourceQuotaLister helps list ClusterResourceQuotas. +// All objects returned here must be treated as read-only. type ClusterResourceQuotaLister interface { // List lists all ClusterResourceQuotas in the indexer. + // Objects returned here must be treated as read-only. List(selector labels.Selector) (ret []*v1.ClusterResourceQuota, err error) // Get retrieves the ClusterResourceQuota from the index for a given name. + // Objects returned here must be treated as read-only. Get(name string) (*v1.ClusterResourceQuota, error) ClusterResourceQuotaListerExpansion } diff --git a/vendor/github.com/openshift/client-go/route/clientset/versioned/fake/register.go b/vendor/github.com/openshift/client-go/route/clientset/versioned/fake/register.go index 4e069e9a09..279f25d9de 100644 --- a/vendor/github.com/openshift/client-go/route/clientset/versioned/fake/register.go +++ b/vendor/github.com/openshift/client-go/route/clientset/versioned/fake/register.go @@ -13,7 +13,7 @@ import ( var scheme = runtime.NewScheme() var codecs = serializer.NewCodecFactory(scheme) -var parameterCodec = runtime.NewParameterCodec(scheme) + var localSchemeBuilder = runtime.SchemeBuilder{ routev1.AddToScheme, } diff --git a/vendor/go.etcd.io/etcd/clientv3/watch.go b/vendor/go.etcd.io/etcd/clientv3/watch.go index 4ae3a0b33f..66e16ad63f 100644 --- a/vendor/go.etcd.io/etcd/clientv3/watch.go +++ b/vendor/go.etcd.io/etcd/clientv3/watch.go @@ -141,6 +141,7 @@ type watcher struct { // streams holds all the active grpc streams keyed by ctx value. streams map[string]*watchGrpcStream + lg *zap.Logger } // watchGrpcStream tracks all watch resources attached to a single grpc stream. @@ -177,6 +178,8 @@ type watchGrpcStream struct { resumec chan struct{} // closeErr is the error that closed the watch stream closeErr error + + lg *zap.Logger } // watchStreamRequest is a union of the supported watch request operation types @@ -243,6 +246,7 @@ func NewWatchFromWatchClient(wc pb.WatchClient, c *Client) Watcher { } if c != nil { w.callOpts = c.callOpts + w.lg = c.lg } return w } @@ -274,6 +278,7 @@ func (w *watcher) newWatcherGrpcStream(inctx context.Context) *watchGrpcStream { errc: make(chan error, 1), closingc: make(chan *watcherStream), resumec: make(chan struct{}), + lg: w.lg, } go wgs.run() return wgs @@ -545,10 +550,18 @@ func (w *watchGrpcStream) run() { w.resuming = append(w.resuming, ws) if len(w.resuming) == 1 { // head of resume queue, can register a new watcher - wc.Send(ws.initReq.toPB()) + if err := wc.Send(ws.initReq.toPB()); err != nil { + if w.lg != nil { + w.lg.Debug("error when sending request", zap.Error(err)) + } + } } case *progressRequest: - wc.Send(wreq.toPB()) + if err := wc.Send(wreq.toPB()); err != nil { + if w.lg != nil { + w.lg.Debug("error when sending request", zap.Error(err)) + } + } } // new events from the watch client @@ -572,7 +585,11 @@ func (w *watchGrpcStream) run() { } if ws := w.nextResume(); ws != nil { - wc.Send(ws.initReq.toPB()) + if err := wc.Send(ws.initReq.toPB()); err != nil { + if w.lg != nil { + w.lg.Debug("error when sending request", zap.Error(err)) + } + } } // reset for next iteration @@ -617,9 +634,13 @@ func (w *watchGrpcStream) run() { }, } req := &pb.WatchRequest{RequestUnion: cr} - lg.Info("sending watch cancel request for failed dispatch", zap.Int64("watch-id", pbresp.WatchId)) + if w.lg != nil { + w.lg.Debug("sending watch cancel request for failed dispatch", zap.Int64("watch-id", pbresp.WatchId)) + } if err := wc.Send(req); err != nil { - lg.Warning("failed to send watch cancel request", zap.Int64("watch-id", pbresp.WatchId), zap.Error(err)) + if w.lg != nil { + w.lg.Debug("failed to send watch cancel request", zap.Int64("watch-id", pbresp.WatchId), zap.Error(err)) + } } } @@ -633,7 +654,11 @@ func (w *watchGrpcStream) run() { return } if ws := w.nextResume(); ws != nil { - wc.Send(ws.initReq.toPB()) + if err := wc.Send(ws.initReq.toPB()); err != nil { + if w.lg != nil { + w.lg.Debug("error when sending request", zap.Error(err)) + } + } } cancelSet = make(map[int64]struct{}) @@ -651,9 +676,13 @@ func (w *watchGrpcStream) run() { }, } req := &pb.WatchRequest{RequestUnion: cr} - lg.Info("sending watch cancel request for closed watcher", zap.Int64("watch-id", ws.id)) + if w.lg != nil { + w.lg.Debug("sending watch cancel request for closed watcher", zap.Int64("watch-id", ws.id)) + } if err := wc.Send(req); err != nil { - lg.Warning("failed to send watch cancel request", zap.Int64("watch-id", ws.id), zap.Error(err)) + if w.lg != nil { + w.lg.Debug("failed to send watch cancel request", zap.Int64("watch-id", ws.id), zap.Error(err)) + } } } w.closeSubstream(ws) diff --git a/vendor/go.etcd.io/etcd/version/version.go b/vendor/go.etcd.io/etcd/version/version.go index b1a002f611..f05139adff 100644 --- a/vendor/go.etcd.io/etcd/version/version.go +++ b/vendor/go.etcd.io/etcd/version/version.go @@ -26,7 +26,7 @@ import ( var ( // MinClusterVersion is the min cluster version this etcd binary is compatible with. MinClusterVersion = "3.0.0" - Version = "3.4.10" + Version = "3.4.12" APIVersion = "unknown" // Git SHA Value will be set during build diff --git a/vendor/golang.org/x/crypto/cryptobyte/asn1.go b/vendor/golang.org/x/crypto/cryptobyte/asn1.go index f930f7e526..d3596ee66f 100644 --- a/vendor/golang.org/x/crypto/cryptobyte/asn1.go +++ b/vendor/golang.org/x/crypto/cryptobyte/asn1.go @@ -81,7 +81,7 @@ func (b *Builder) AddASN1BigInt(n *big.Int) { for i := range bytes { bytes[i] ^= 0xff } - if bytes[0]&0x80 == 0 { + if len(bytes) == 0 || bytes[0]&0x80 == 0 { c.add(0xff) } c.add(bytes...) @@ -230,12 +230,12 @@ func (b *Builder) AddASN1(tag asn1.Tag, f BuilderContinuation) { // String -// ReadASN1Boolean decodes an ASN.1 INTEGER and converts it to a boolean +// ReadASN1Boolean decodes an ASN.1 BOOLEAN and converts it to a boolean // representation into out and advances. It reports whether the read // was successful. func (s *String) ReadASN1Boolean(out *bool) bool { var bytes String - if !s.ReadASN1(&bytes, asn1.INTEGER) || len(bytes) != 1 { + if !s.ReadASN1(&bytes, asn1.BOOLEAN) || len(bytes) != 1 { return false } diff --git a/vendor/golang.org/x/crypto/openpgp/packet/packet.go b/vendor/golang.org/x/crypto/openpgp/packet/packet.go index 5af64c5421..9728d61d7a 100644 --- a/vendor/golang.org/x/crypto/openpgp/packet/packet.go +++ b/vendor/golang.org/x/crypto/openpgp/packet/packet.go @@ -14,6 +14,7 @@ import ( "crypto/rsa" "io" "math/big" + "math/bits" "golang.org/x/crypto/cast5" "golang.org/x/crypto/openpgp/errors" @@ -100,33 +101,65 @@ func (r *partialLengthReader) Read(p []byte) (n int, err error) { type partialLengthWriter struct { w io.WriteCloser lengthByte [1]byte + sentFirst bool + buf []byte } +// RFC 4880 4.2.2.4: the first partial length MUST be at least 512 octets long. +const minFirstPartialWrite = 512 + func (w *partialLengthWriter) Write(p []byte) (n int, err error) { + off := 0 + if !w.sentFirst { + if len(w.buf) > 0 || len(p) < minFirstPartialWrite { + off = len(w.buf) + w.buf = append(w.buf, p...) + if len(w.buf) < minFirstPartialWrite { + return len(p), nil + } + p = w.buf + w.buf = nil + } + w.sentFirst = true + } + + power := uint8(30) for len(p) > 0 { - for power := uint(14); power < 32; power-- { - l := 1 << power - if len(p) >= l { - w.lengthByte[0] = 224 + uint8(power) - _, err = w.w.Write(w.lengthByte[:]) - if err != nil { - return - } - var m int - m, err = w.w.Write(p[:l]) - n += m - if err != nil { - return - } - p = p[l:] - break + l := 1 << power + if len(p) < l { + power = uint8(bits.Len32(uint32(len(p)))) - 1 + l = 1 << power + } + w.lengthByte[0] = 224 + power + _, err = w.w.Write(w.lengthByte[:]) + if err == nil { + var m int + m, err = w.w.Write(p[:l]) + n += m + } + if err != nil { + if n < off { + return 0, err } + return n - off, err } + p = p[l:] } - return + return n - off, nil } func (w *partialLengthWriter) Close() error { + if len(w.buf) > 0 { + // In this case we can't send a 512 byte packet. + // Just send what we have. + p := w.buf + w.sentFirst = true + w.buf = nil + if _, err := w.Write(p); err != nil { + return err + } + } + w.lengthByte[0] = 0 _, err := w.w.Write(w.lengthByte[:]) if err != nil { diff --git a/vendor/golang.org/x/crypto/poly1305/mac_noasm.go b/vendor/golang.org/x/crypto/poly1305/mac_noasm.go index a8dd589ae3..d118f30ed5 100644 --- a/vendor/golang.org/x/crypto/poly1305/mac_noasm.go +++ b/vendor/golang.org/x/crypto/poly1305/mac_noasm.go @@ -2,10 +2,8 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// +build !amd64,!ppc64le gccgo appengine +// +build !amd64,!ppc64le,!s390x gccgo purego package poly1305 type mac struct{ macGeneric } - -func newMAC(key *[32]byte) mac { return mac{newMACGeneric(key)} } diff --git a/vendor/golang.org/x/crypto/poly1305/poly1305.go b/vendor/golang.org/x/crypto/poly1305/poly1305.go index 066159b797..9d7a6af09f 100644 --- a/vendor/golang.org/x/crypto/poly1305/poly1305.go +++ b/vendor/golang.org/x/crypto/poly1305/poly1305.go @@ -26,7 +26,9 @@ const TagSize = 16 // 16-byte result into out. Authenticating two different messages with the same // key allows an attacker to forge messages at will. func Sum(out *[16]byte, m []byte, key *[32]byte) { - sum(out, m, key) + h := New(key) + h.Write(m) + h.Sum(out[:0]) } // Verify returns true if mac is a valid authenticator for m with the given key. @@ -46,10 +48,9 @@ func Verify(mac *[16]byte, m []byte, key *[32]byte) bool { // two different messages with the same key allows an attacker // to forge messages at will. func New(key *[32]byte) *MAC { - return &MAC{ - mac: newMAC(key), - finalized: false, - } + m := &MAC{} + initialize(key, &m.macState) + return m } // MAC is an io.Writer computing an authentication tag @@ -58,7 +59,7 @@ func New(key *[32]byte) *MAC { // MAC cannot be used like common hash.Hash implementations, // because using a poly1305 key twice breaks its security. // Therefore writing data to a running MAC after calling -// Sum causes it to panic. +// Sum or Verify causes it to panic. type MAC struct { mac // platform-dependent implementation @@ -71,10 +72,10 @@ func (h *MAC) Size() int { return TagSize } // Write adds more data to the running message authentication code. // It never returns an error. // -// It must not be called after the first call of Sum. +// It must not be called after the first call of Sum or Verify. func (h *MAC) Write(p []byte) (n int, err error) { if h.finalized { - panic("poly1305: write to MAC after Sum") + panic("poly1305: write to MAC after Sum or Verify") } return h.mac.Write(p) } @@ -87,3 +88,12 @@ func (h *MAC) Sum(b []byte) []byte { h.finalized = true return append(b, mac[:]...) } + +// Verify returns whether the authenticator of all data written to +// the message authentication code matches the expected value. +func (h *MAC) Verify(expected []byte) bool { + var mac [TagSize]byte + h.mac.Sum(&mac) + h.finalized = true + return subtle.ConstantTimeCompare(expected, mac[:]) == 1 +} diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go index df56a652ff..99e5a1d50e 100644 --- a/vendor/golang.org/x/crypto/poly1305/sum_amd64.go +++ b/vendor/golang.org/x/crypto/poly1305/sum_amd64.go @@ -2,24 +2,13 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// +build amd64,!gccgo,!appengine +// +build !gccgo,!purego package poly1305 //go:noescape func update(state *macState, msg []byte) -func sum(out *[16]byte, m []byte, key *[32]byte) { - h := newMAC(key) - h.Write(m) - h.Sum(out) -} - -func newMAC(key *[32]byte) (h mac) { - initialize(key, &h.r, &h.s) - return -} - // mac is a wrapper for macGeneric that redirects calls that would have gone to // updateGeneric to update. // diff --git a/vendor/golang.org/x/crypto/poly1305/sum_amd64.s b/vendor/golang.org/x/crypto/poly1305/sum_amd64.s index 8c0cefbb3c..8d394a212e 100644 --- a/vendor/golang.org/x/crypto/poly1305/sum_amd64.s +++ b/vendor/golang.org/x/crypto/poly1305/sum_amd64.s @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// +build amd64,!gccgo,!appengine +// +build !gccgo,!purego #include "textflag.h" diff --git a/vendor/golang.org/x/crypto/poly1305/sum_generic.go b/vendor/golang.org/x/crypto/poly1305/sum_generic.go index 1187eab78f..c942a65904 100644 --- a/vendor/golang.org/x/crypto/poly1305/sum_generic.go +++ b/vendor/golang.org/x/crypto/poly1305/sum_generic.go @@ -31,16 +31,18 @@ func sumGeneric(out *[TagSize]byte, msg []byte, key *[32]byte) { h.Sum(out) } -func newMACGeneric(key *[32]byte) (h macGeneric) { - initialize(key, &h.r, &h.s) - return +func newMACGeneric(key *[32]byte) macGeneric { + m := macGeneric{} + initialize(key, &m.macState) + return m } // macState holds numbers in saturated 64-bit little-endian limbs. That is, // the value of [x0, x1, x2] is x[0] + x[1] * 2⁶⁴ + x[2] * 2¹²⁸. type macState struct { // h is the main accumulator. It is to be interpreted modulo 2¹³⁰ - 5, but - // can grow larger during and after rounds. + // can grow larger during and after rounds. It must, however, remain below + // 2 * (2¹³⁰ - 5). h [3]uint64 // r and s are the private key components. r [2]uint64 @@ -97,11 +99,12 @@ const ( rMask1 = 0x0FFFFFFC0FFFFFFC ) -func initialize(key *[32]byte, r, s *[2]uint64) { - r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0 - r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1 - s[0] = binary.LittleEndian.Uint64(key[16:24]) - s[1] = binary.LittleEndian.Uint64(key[24:32]) +// initialize loads the 256-bit key into the two 128-bit secret values r and s. +func initialize(key *[32]byte, m *macState) { + m.r[0] = binary.LittleEndian.Uint64(key[0:8]) & rMask0 + m.r[1] = binary.LittleEndian.Uint64(key[8:16]) & rMask1 + m.s[0] = binary.LittleEndian.Uint64(key[16:24]) + m.s[1] = binary.LittleEndian.Uint64(key[24:32]) } // uint128 holds a 128-bit number as two 64-bit limbs, for use with the diff --git a/vendor/golang.org/x/crypto/poly1305/sum_noasm.go b/vendor/golang.org/x/crypto/poly1305/sum_noasm.go deleted file mode 100644 index 32a9cef6bb..0000000000 --- a/vendor/golang.org/x/crypto/poly1305/sum_noasm.go +++ /dev/null @@ -1,13 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build s390x,!go1.11 !amd64,!s390x,!ppc64le gccgo appengine nacl - -package poly1305 - -func sum(out *[TagSize]byte, msg []byte, key *[32]byte) { - h := newMAC(key) - h.Write(msg) - h.Sum(out) -} diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go index 3233616935..2e7a120b19 100644 --- a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go +++ b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.go @@ -2,24 +2,13 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// +build ppc64le,!gccgo,!appengine +// +build !gccgo,!purego package poly1305 //go:noescape func update(state *macState, msg []byte) -func sum(out *[16]byte, m []byte, key *[32]byte) { - h := newMAC(key) - h.Write(m) - h.Sum(out) -} - -func newMAC(key *[32]byte) (h mac) { - initialize(key, &h.r, &h.s) - return -} - // mac is a wrapper for macGeneric that redirects calls that would have gone to // updateGeneric to update. // diff --git a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s index 4e20bf299a..4e02813879 100644 --- a/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s +++ b/vendor/golang.org/x/crypto/poly1305/sum_ppc64le.s @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// +build ppc64le,!gccgo,!appengine +// +build !gccgo,!purego #include "textflag.h" diff --git a/vendor/golang.org/x/crypto/poly1305/sum_s390x.go b/vendor/golang.org/x/crypto/poly1305/sum_s390x.go index a8920ee9d2..958fedc079 100644 --- a/vendor/golang.org/x/crypto/poly1305/sum_s390x.go +++ b/vendor/golang.org/x/crypto/poly1305/sum_s390x.go @@ -2,7 +2,7 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// +build s390x,go1.11,!gccgo,!appengine +// +build !gccgo,!purego package poly1305 @@ -10,30 +10,66 @@ import ( "golang.org/x/sys/cpu" ) -// poly1305vx is an assembly implementation of Poly1305 that uses vector +// updateVX is an assembly implementation of Poly1305 that uses vector // instructions. It must only be called if the vector facility (vx) is // available. //go:noescape -func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]byte) +func updateVX(state *macState, msg []byte) -// poly1305vmsl is an assembly implementation of Poly1305 that uses vector -// instructions, including VMSL. It must only be called if the vector facility (vx) is -// available and if VMSL is supported. -//go:noescape -func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]byte) +// mac is a replacement for macGeneric that uses a larger buffer and redirects +// calls that would have gone to updateGeneric to updateVX if the vector +// facility is installed. +// +// A larger buffer is required for good performance because the vector +// implementation has a higher fixed cost per call than the generic +// implementation. +type mac struct { + macState + + buffer [16 * TagSize]byte // size must be a multiple of block size (16) + offset int +} -func sum(out *[16]byte, m []byte, key *[32]byte) { - if cpu.S390X.HasVX { - var mPtr *byte - if len(m) > 0 { - mPtr = &m[0] +func (h *mac) Write(p []byte) (int, error) { + nn := len(p) + if h.offset > 0 { + n := copy(h.buffer[h.offset:], p) + if h.offset+n < len(h.buffer) { + h.offset += n + return nn, nil } - if cpu.S390X.HasVXE && len(m) > 256 { - poly1305vmsl(out, mPtr, uint64(len(m)), key) + p = p[n:] + h.offset = 0 + if cpu.S390X.HasVX { + updateVX(&h.macState, h.buffer[:]) } else { - poly1305vx(out, mPtr, uint64(len(m)), key) + updateGeneric(&h.macState, h.buffer[:]) } - } else { - sumGeneric(out, m, key) } + + tail := len(p) % len(h.buffer) // number of bytes to copy into buffer + body := len(p) - tail // number of bytes to process now + if body > 0 { + if cpu.S390X.HasVX { + updateVX(&h.macState, p[:body]) + } else { + updateGeneric(&h.macState, p[:body]) + } + } + h.offset = copy(h.buffer[:], p[body:]) // copy tail bytes - can be 0 + return nn, nil +} + +func (h *mac) Sum(out *[TagSize]byte) { + state := h.macState + remainder := h.buffer[:h.offset] + + // Use the generic implementation if we have 2 or fewer blocks left + // to sum. The vector implementation has a higher startup time. + if cpu.S390X.HasVX && len(remainder) > 2*TagSize { + updateVX(&state, remainder) + } else if len(remainder) > 0 { + updateGeneric(&state, remainder) + } + finalize(out, &state.h, &state.s) } diff --git a/vendor/golang.org/x/crypto/poly1305/sum_s390x.s b/vendor/golang.org/x/crypto/poly1305/sum_s390x.s index ca5a309d86..0fa9ee6e0b 100644 --- a/vendor/golang.org/x/crypto/poly1305/sum_s390x.s +++ b/vendor/golang.org/x/crypto/poly1305/sum_s390x.s @@ -2,115 +2,187 @@ // Use of this source code is governed by a BSD-style // license that can be found in the LICENSE file. -// +build s390x,go1.11,!gccgo,!appengine +// +build !gccgo,!purego #include "textflag.h" -// Implementation of Poly1305 using the vector facility (vx). - -// constants -#define MOD26 V0 -#define EX0 V1 -#define EX1 V2 -#define EX2 V3 - -// temporaries -#define T_0 V4 -#define T_1 V5 -#define T_2 V6 -#define T_3 V7 -#define T_4 V8 - -// key (r) -#define R_0 V9 -#define R_1 V10 -#define R_2 V11 -#define R_3 V12 -#define R_4 V13 -#define R5_1 V14 -#define R5_2 V15 -#define R5_3 V16 -#define R5_4 V17 -#define RSAVE_0 R5 -#define RSAVE_1 R6 -#define RSAVE_2 R7 -#define RSAVE_3 R8 -#define RSAVE_4 R9 -#define R5SAVE_1 V28 -#define R5SAVE_2 V29 -#define R5SAVE_3 V30 -#define R5SAVE_4 V31 - -// message block -#define F_0 V18 -#define F_1 V19 -#define F_2 V20 -#define F_3 V21 -#define F_4 V22 - -// accumulator -#define H_0 V23 -#define H_1 V24 -#define H_2 V25 -#define H_3 V26 -#define H_4 V27 - -GLOBL ·keyMask<>(SB), RODATA, $16 -DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f -DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f - -GLOBL ·bswapMask<>(SB), RODATA, $16 -DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908 -DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100 - -GLOBL ·constants<>(SB), RODATA, $64 -// MOD26 -DATA ·constants<>+0(SB)/8, $0x3ffffff -DATA ·constants<>+8(SB)/8, $0x3ffffff +// This implementation of Poly1305 uses the vector facility (vx) +// to process up to 2 blocks (32 bytes) per iteration using an +// algorithm based on the one described in: +// +// NEON crypto, Daniel J. Bernstein & Peter Schwabe +// https://cryptojedi.org/papers/neoncrypto-20120320.pdf +// +// This algorithm uses 5 26-bit limbs to represent a 130-bit +// value. These limbs are, for the most part, zero extended and +// placed into 64-bit vector register elements. Each vector +// register is 128-bits wide and so holds 2 of these elements. +// Using 26-bit limbs allows us plenty of headroom to accomodate +// accumulations before and after multiplication without +// overflowing either 32-bits (before multiplication) or 64-bits +// (after multiplication). +// +// In order to parallelise the operations required to calculate +// the sum we use two separate accumulators and then sum those +// in an extra final step. For compatibility with the generic +// implementation we perform this summation at the end of every +// updateVX call. +// +// To use two accumulators we must multiply the message blocks +// by r² rather than r. Only the final message block should be +// multiplied by r. +// +// Example: +// +// We want to calculate the sum (h) for a 64 byte message (m): +// +// h = m[0:16]r⁴ + m[16:32]r³ + m[32:48]r² + m[48:64]r +// +// To do this we split the calculation into the even indices +// and odd indices of the message. These form our SIMD 'lanes': +// +// h = m[ 0:16]r⁴ + m[32:48]r² + <- lane 0 +// m[16:32]r³ + m[48:64]r <- lane 1 +// +// To calculate this iteratively we refactor so that both lanes +// are written in terms of r² and r: +// +// h = (m[ 0:16]r² + m[32:48])r² + <- lane 0 +// (m[16:32]r² + m[48:64])r <- lane 1 +// ^ ^ +// | coefficients for second iteration +// coefficients for first iteration +// +// So in this case we would have two iterations. In the first +// both lanes are multiplied by r². In the second only the +// first lane is multiplied by r² and the second lane is +// instead multiplied by r. This gives use the odd and even +// powers of r that we need from the original equation. +// +// Notation: +// +// h - accumulator +// r - key +// m - message +// +// [a, b] - SIMD register holding two 64-bit values +// [a, b, c, d] - SIMD register holding four 32-bit values +// xᵢ[n] - limb n of variable x with bit width i +// +// Limbs are expressed in little endian order, so for 26-bit +// limbs x₂₆[4] will be the most significant limb and x₂₆[0] +// will be the least significant limb. + +// masking constants +#define MOD24 V0 // [0x0000000000ffffff, 0x0000000000ffffff] - mask low 24-bits +#define MOD26 V1 // [0x0000000003ffffff, 0x0000000003ffffff] - mask low 26-bits + +// expansion constants (see EXPAND macro) +#define EX0 V2 +#define EX1 V3 +#define EX2 V4 + +// key (r², r or 1 depending on context) +#define R_0 V5 +#define R_1 V6 +#define R_2 V7 +#define R_3 V8 +#define R_4 V9 + +// precalculated coefficients (5r², 5r or 0 depending on context) +#define R5_1 V10 +#define R5_2 V11 +#define R5_3 V12 +#define R5_4 V13 + +// message block (m) +#define M_0 V14 +#define M_1 V15 +#define M_2 V16 +#define M_3 V17 +#define M_4 V18 + +// accumulator (h) +#define H_0 V19 +#define H_1 V20 +#define H_2 V21 +#define H_3 V22 +#define H_4 V23 + +// temporary registers (for short-lived values) +#define T_0 V24 +#define T_1 V25 +#define T_2 V26 +#define T_3 V27 +#define T_4 V28 + +GLOBL ·constants<>(SB), RODATA, $0x30 // EX0 -DATA ·constants<>+16(SB)/8, $0x0006050403020100 -DATA ·constants<>+24(SB)/8, $0x1016151413121110 +DATA ·constants<>+0x00(SB)/8, $0x0006050403020100 +DATA ·constants<>+0x08(SB)/8, $0x1016151413121110 // EX1 -DATA ·constants<>+32(SB)/8, $0x060c0b0a09080706 -DATA ·constants<>+40(SB)/8, $0x161c1b1a19181716 +DATA ·constants<>+0x10(SB)/8, $0x060c0b0a09080706 +DATA ·constants<>+0x18(SB)/8, $0x161c1b1a19181716 // EX2 -DATA ·constants<>+48(SB)/8, $0x0d0d0d0d0d0f0e0d -DATA ·constants<>+56(SB)/8, $0x1d1d1d1d1d1f1e1d - -// h = (f*g) % (2**130-5) [partial reduction] +DATA ·constants<>+0x20(SB)/8, $0x0d0d0d0d0d0f0e0d +DATA ·constants<>+0x28(SB)/8, $0x1d1d1d1d1d1f1e1d + +// MULTIPLY multiplies each lane of f and g, partially reduced +// modulo 2¹³⁰ - 5. The result, h, consists of partial products +// in each lane that need to be reduced further to produce the +// final result. +// +// h₁₃₀ = (f₁₃₀g₁₃₀) % 2¹³⁰ + (5f₁₃₀g₁₃₀) / 2¹³⁰ +// +// Note that the multiplication by 5 of the high bits is +// achieved by precalculating the multiplication of four of the +// g coefficients by 5. These are g51-g54. #define MULTIPLY(f0, f1, f2, f3, f4, g0, g1, g2, g3, g4, g51, g52, g53, g54, h0, h1, h2, h3, h4) \ VMLOF f0, g0, h0 \ - VMLOF f0, g1, h1 \ - VMLOF f0, g2, h2 \ VMLOF f0, g3, h3 \ + VMLOF f0, g1, h1 \ VMLOF f0, g4, h4 \ + VMLOF f0, g2, h2 \ VMLOF f1, g54, T_0 \ - VMLOF f1, g0, T_1 \ - VMLOF f1, g1, T_2 \ VMLOF f1, g2, T_3 \ + VMLOF f1, g0, T_1 \ VMLOF f1, g3, T_4 \ + VMLOF f1, g1, T_2 \ VMALOF f2, g53, h0, h0 \ - VMALOF f2, g54, h1, h1 \ - VMALOF f2, g0, h2, h2 \ VMALOF f2, g1, h3, h3 \ + VMALOF f2, g54, h1, h1 \ VMALOF f2, g2, h4, h4 \ + VMALOF f2, g0, h2, h2 \ VMALOF f3, g52, T_0, T_0 \ - VMALOF f3, g53, T_1, T_1 \ - VMALOF f3, g54, T_2, T_2 \ VMALOF f3, g0, T_3, T_3 \ + VMALOF f3, g53, T_1, T_1 \ VMALOF f3, g1, T_4, T_4 \ + VMALOF f3, g54, T_2, T_2 \ VMALOF f4, g51, h0, h0 \ - VMALOF f4, g52, h1, h1 \ - VMALOF f4, g53, h2, h2 \ VMALOF f4, g54, h3, h3 \ + VMALOF f4, g52, h1, h1 \ VMALOF f4, g0, h4, h4 \ + VMALOF f4, g53, h2, h2 \ VAG T_0, h0, h0 \ - VAG T_1, h1, h1 \ - VAG T_2, h2, h2 \ VAG T_3, h3, h3 \ - VAG T_4, h4, h4 - -// carry h0->h1 h3->h4, h1->h2 h4->h0, h0->h1 h2->h3, h3->h4 + VAG T_1, h1, h1 \ + VAG T_4, h4, h4 \ + VAG T_2, h2, h2 + +// REDUCE performs the following carry operations in four +// stages, as specified in Bernstein & Schwabe: +// +// 1: h₂₆[0]->h₂₆[1] h₂₆[3]->h₂₆[4] +// 2: h₂₆[1]->h₂₆[2] h₂₆[4]->h₂₆[0] +// 3: h₂₆[0]->h₂₆[1] h₂₆[2]->h₂₆[3] +// 4: h₂₆[3]->h₂₆[4] +// +// The result is that all of the limbs are limited to 26-bits +// except for h₂₆[1] and h₂₆[4] which are limited to 27-bits. +// +// Note that although each limb is aligned at 26-bit intervals +// they may contain values that exceed 2²⁶ - 1, hence the need +// to carry the excess bits in each limb. #define REDUCE(h0, h1, h2, h3, h4) \ VESRLG $26, h0, T_0 \ VESRLG $26, h3, T_1 \ @@ -136,144 +208,155 @@ DATA ·constants<>+56(SB)/8, $0x1d1d1d1d1d1f1e1d VN MOD26, h3, h3 \ VAG T_2, h4, h4 -// expand in0 into d[0] and in1 into d[1] +// EXPAND splits the 128-bit little-endian values in0 and in1 +// into 26-bit big-endian limbs and places the results into +// the first and second lane of d₂₆[0:4] respectively. +// +// The EX0, EX1 and EX2 constants are arrays of byte indices +// for permutation. The permutation both reverses the bytes +// in the input and ensures the bytes are copied into the +// destination limb ready to be shifted into their final +// position. #define EXPAND(in0, in1, d0, d1, d2, d3, d4) \ - VGBM $0x0707, d1 \ // d1=tmp - VPERM in0, in1, EX2, d4 \ VPERM in0, in1, EX0, d0 \ VPERM in0, in1, EX1, d2 \ - VN d1, d4, d4 \ + VPERM in0, in1, EX2, d4 \ VESRLG $26, d0, d1 \ VESRLG $30, d2, d3 \ VESRLG $4, d2, d2 \ - VN MOD26, d0, d0 \ - VN MOD26, d1, d1 \ - VN MOD26, d2, d2 \ - VN MOD26, d3, d3 - -// pack h4:h0 into h1:h0 (no carry) -#define PACK(h0, h1, h2, h3, h4) \ - VESLG $26, h1, h1 \ - VESLG $26, h3, h3 \ - VO h0, h1, h0 \ - VO h2, h3, h2 \ - VESLG $4, h2, h2 \ - VLEIB $7, $48, h1 \ - VSLB h1, h2, h2 \ - VO h0, h2, h0 \ - VLEIB $7, $104, h1 \ - VSLB h1, h4, h3 \ - VO h3, h0, h0 \ - VLEIB $7, $24, h1 \ - VSRLB h1, h4, h1 - -// if h > 2**130-5 then h -= 2**130-5 -#define MOD(h0, h1, t0, t1, t2) \ - VZERO t0 \ - VLEIG $1, $5, t0 \ - VACCQ h0, t0, t1 \ - VAQ h0, t0, t0 \ - VONE t2 \ - VLEIG $1, $-4, t2 \ - VAQ t2, t1, t1 \ - VACCQ h1, t1, t1 \ - VONE t2 \ - VAQ t2, t1, t1 \ - VN h0, t1, t2 \ - VNC t0, t1, t1 \ - VO t1, t2, h0 - -// func poly1305vx(out *[16]byte, m *byte, mlen uint64, key *[32]key) -TEXT ·poly1305vx(SB), $0-32 - // This code processes up to 2 blocks (32 bytes) per iteration - // using the algorithm described in: - // NEON crypto, Daniel J. Bernstein & Peter Schwabe - // https://cryptojedi.org/papers/neoncrypto-20120320.pdf - LMG out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key - - // load MOD26, EX0, EX1 and EX2 + VN MOD26, d0, d0 \ // [in0₂₆[0], in1₂₆[0]] + VN MOD26, d3, d3 \ // [in0₂₆[3], in1₂₆[3]] + VN MOD26, d1, d1 \ // [in0₂₆[1], in1₂₆[1]] + VN MOD24, d4, d4 \ // [in0₂₆[4], in1₂₆[4]] + VN MOD26, d2, d2 // [in0₂₆[2], in1₂₆[2]] + +// func updateVX(state *macState, msg []byte) +TEXT ·updateVX(SB), NOSPLIT, $0 + MOVD state+0(FP), R1 + LMG msg+8(FP), R2, R3 // R2=msg_base, R3=msg_len + + // load EX0, EX1 and EX2 MOVD $·constants<>(SB), R5 - VLM (R5), MOD26, EX2 - - // setup r - VL (R4), T_0 - MOVD $·keyMask<>(SB), R6 - VL (R6), T_1 - VN T_0, T_1, T_0 - EXPAND(T_0, T_0, R_0, R_1, R_2, R_3, R_4) - - // setup r*5 - VLEIG $0, $5, T_0 - VLEIG $1, $5, T_0 - - // store r (for final block) - VMLOF T_0, R_1, R5SAVE_1 - VMLOF T_0, R_2, R5SAVE_2 - VMLOF T_0, R_3, R5SAVE_3 - VMLOF T_0, R_4, R5SAVE_4 - VLGVG $0, R_0, RSAVE_0 - VLGVG $0, R_1, RSAVE_1 - VLGVG $0, R_2, RSAVE_2 - VLGVG $0, R_3, RSAVE_3 - VLGVG $0, R_4, RSAVE_4 - - // skip r**2 calculation + VLM (R5), EX0, EX2 + + // generate masks + VGMG $(64-24), $63, MOD24 // [0x00ffffff, 0x00ffffff] + VGMG $(64-26), $63, MOD26 // [0x03ffffff, 0x03ffffff] + + // load h (accumulator) and r (key) from state + VZERO T_1 // [0, 0] + VL 0(R1), T_0 // [h₆₄[0], h₆₄[1]] + VLEG $0, 16(R1), T_1 // [h₆₄[2], 0] + VL 24(R1), T_2 // [r₆₄[0], r₆₄[1]] + VPDI $0, T_0, T_2, T_3 // [h₆₄[0], r₆₄[0]] + VPDI $5, T_0, T_2, T_4 // [h₆₄[1], r₆₄[1]] + + // unpack h and r into 26-bit limbs + // note: h₆₄[2] may have the low 3 bits set, so h₂₆[4] is a 27-bit value + VN MOD26, T_3, H_0 // [h₂₆[0], r₂₆[0]] + VZERO H_1 // [0, 0] + VZERO H_3 // [0, 0] + VGMG $(64-12-14), $(63-12), T_0 // [0x03fff000, 0x03fff000] - 26-bit mask with low 12 bits masked out + VESLG $24, T_1, T_1 // [h₆₄[2]<<24, 0] + VERIMG $-26&63, T_3, MOD26, H_1 // [h₂₆[1], r₂₆[1]] + VESRLG $+52&63, T_3, H_2 // [h₂₆[2], r₂₆[2]] - low 12 bits only + VERIMG $-14&63, T_4, MOD26, H_3 // [h₂₆[1], r₂₆[1]] + VESRLG $40, T_4, H_4 // [h₂₆[4], r₂₆[4]] - low 24 bits only + VERIMG $+12&63, T_4, T_0, H_2 // [h₂₆[2], r₂₆[2]] - complete + VO T_1, H_4, H_4 // [h₂₆[4], r₂₆[4]] - complete + + // replicate r across all 4 vector elements + VREPF $3, H_0, R_0 // [r₂₆[0], r₂₆[0], r₂₆[0], r₂₆[0]] + VREPF $3, H_1, R_1 // [r₂₆[1], r₂₆[1], r₂₆[1], r₂₆[1]] + VREPF $3, H_2, R_2 // [r₂₆[2], r₂₆[2], r₂₆[2], r₂₆[2]] + VREPF $3, H_3, R_3 // [r₂₆[3], r₂₆[3], r₂₆[3], r₂₆[3]] + VREPF $3, H_4, R_4 // [r₂₆[4], r₂₆[4], r₂₆[4], r₂₆[4]] + + // zero out lane 1 of h + VLEIG $1, $0, H_0 // [h₂₆[0], 0] + VLEIG $1, $0, H_1 // [h₂₆[1], 0] + VLEIG $1, $0, H_2 // [h₂₆[2], 0] + VLEIG $1, $0, H_3 // [h₂₆[3], 0] + VLEIG $1, $0, H_4 // [h₂₆[4], 0] + + // calculate 5r (ignore least significant limb) + VREPIF $5, T_0 + VMLF T_0, R_1, R5_1 // [5r₂₆[1], 5r₂₆[1], 5r₂₆[1], 5r₂₆[1]] + VMLF T_0, R_2, R5_2 // [5r₂₆[2], 5r₂₆[2], 5r₂₆[2], 5r₂₆[2]] + VMLF T_0, R_3, R5_3 // [5r₂₆[3], 5r₂₆[3], 5r₂₆[3], 5r₂₆[3]] + VMLF T_0, R_4, R5_4 // [5r₂₆[4], 5r₂₆[4], 5r₂₆[4], 5r₂₆[4]] + + // skip r² calculation if we are only calculating one block CMPBLE R3, $16, skip - // calculate r**2 - MULTIPLY(R_0, R_1, R_2, R_3, R_4, R_0, R_1, R_2, R_3, R_4, R5SAVE_1, R5SAVE_2, R5SAVE_3, R5SAVE_4, H_0, H_1, H_2, H_3, H_4) - REDUCE(H_0, H_1, H_2, H_3, H_4) - VLEIG $0, $5, T_0 - VLEIG $1, $5, T_0 - VMLOF T_0, H_1, R5_1 - VMLOF T_0, H_2, R5_2 - VMLOF T_0, H_3, R5_3 - VMLOF T_0, H_4, R5_4 - VLR H_0, R_0 - VLR H_1, R_1 - VLR H_2, R_2 - VLR H_3, R_3 - VLR H_4, R_4 - - // initialize h - VZERO H_0 - VZERO H_1 - VZERO H_2 - VZERO H_3 - VZERO H_4 + // calculate r² + MULTIPLY(R_0, R_1, R_2, R_3, R_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, M_0, M_1, M_2, M_3, M_4) + REDUCE(M_0, M_1, M_2, M_3, M_4) + VGBM $0x0f0f, T_0 + VERIMG $0, M_0, T_0, R_0 // [r₂₆[0], r²₂₆[0], r₂₆[0], r²₂₆[0]] + VERIMG $0, M_1, T_0, R_1 // [r₂₆[1], r²₂₆[1], r₂₆[1], r²₂₆[1]] + VERIMG $0, M_2, T_0, R_2 // [r₂₆[2], r²₂₆[2], r₂₆[2], r²₂₆[2]] + VERIMG $0, M_3, T_0, R_3 // [r₂₆[3], r²₂₆[3], r₂₆[3], r²₂₆[3]] + VERIMG $0, M_4, T_0, R_4 // [r₂₆[4], r²₂₆[4], r₂₆[4], r²₂₆[4]] + + // calculate 5r² (ignore least significant limb) + VREPIF $5, T_0 + VMLF T_0, R_1, R5_1 // [5r₂₆[1], 5r²₂₆[1], 5r₂₆[1], 5r²₂₆[1]] + VMLF T_0, R_2, R5_2 // [5r₂₆[2], 5r²₂₆[2], 5r₂₆[2], 5r²₂₆[2]] + VMLF T_0, R_3, R5_3 // [5r₂₆[3], 5r²₂₆[3], 5r₂₆[3], 5r²₂₆[3]] + VMLF T_0, R_4, R5_4 // [5r₂₆[4], 5r²₂₆[4], 5r₂₆[4], 5r²₂₆[4]] loop: - CMPBLE R3, $32, b2 - VLM (R2), T_0, T_1 - SUB $32, R3 - MOVD $32(R2), R2 - EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4) - VLEIB $4, $1, F_4 - VLEIB $12, $1, F_4 + CMPBLE R3, $32, b2 // 2 or fewer blocks remaining, need to change key coefficients + + // load next 2 blocks from message + VLM (R2), T_0, T_1 + + // update message slice + SUB $32, R3 + MOVD $32(R2), R2 + + // unpack message blocks into 26-bit big-endian limbs + EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4) + + // add 2¹²⁸ to each message block value + VLEIB $4, $1, M_4 + VLEIB $12, $1, M_4 multiply: - VAG H_0, F_0, F_0 - VAG H_1, F_1, F_1 - VAG H_2, F_2, F_2 - VAG H_3, F_3, F_3 - VAG H_4, F_4, F_4 - MULTIPLY(F_0, F_1, F_2, F_3, F_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, H_0, H_1, H_2, H_3, H_4) + // accumulate the incoming message + VAG H_0, M_0, M_0 + VAG H_3, M_3, M_3 + VAG H_1, M_1, M_1 + VAG H_4, M_4, M_4 + VAG H_2, M_2, M_2 + + // multiply the accumulator by the key coefficient + MULTIPLY(M_0, M_1, M_2, M_3, M_4, R_0, R_1, R_2, R_3, R_4, R5_1, R5_2, R5_3, R5_4, H_0, H_1, H_2, H_3, H_4) + + // carry and partially reduce the partial products REDUCE(H_0, H_1, H_2, H_3, H_4) + CMPBNE R3, $0, loop finish: - // sum vectors + // sum lane 0 and lane 1 and put the result in lane 1 VZERO T_0 VSUMQG H_0, T_0, H_0 - VSUMQG H_1, T_0, H_1 - VSUMQG H_2, T_0, H_2 VSUMQG H_3, T_0, H_3 + VSUMQG H_1, T_0, H_1 VSUMQG H_4, T_0, H_4 + VSUMQG H_2, T_0, H_2 - // h may be >= 2*(2**130-5) so we need to reduce it again + // reduce again after summation + // TODO(mundaym): there might be a more efficient way to do this + // now that we only have 1 active lane. For example, we could + // simultaneously pack the values as we reduce them. REDUCE(H_0, H_1, H_2, H_3, H_4) - // carry h1->h4 + // carry h[1] through to h[4] so that only h[4] can exceed 2²⁶ - 1 + // TODO(mundaym): in testing this final carry was unnecessary. + // Needs a proof before it can be removed though. VESRLG $26, H_1, T_1 VN MOD26, H_1, H_1 VAQ T_1, H_2, H_2 @@ -284,95 +367,137 @@ finish: VN MOD26, H_3, H_3 VAQ T_3, H_4, H_4 - // h is now < 2*(2**130-5) - // pack h into h1 (hi) and h0 (lo) - PACK(H_0, H_1, H_2, H_3, H_4) - - // if h > 2**130-5 then h -= 2**130-5 - MOD(H_0, H_1, T_0, T_1, T_2) - - // h += s - MOVD $·bswapMask<>(SB), R5 - VL (R5), T_1 - VL 16(R4), T_0 - VPERM T_0, T_0, T_1, T_0 // reverse bytes (to big) - VAQ T_0, H_0, H_0 - VPERM H_0, H_0, T_1, H_0 // reverse bytes (to little) - VST H_0, (R1) - + // h is now < 2(2¹³⁰ - 5) + // Pack each lane in h₂₆[0:4] into h₁₂₈[0:1]. + VESLG $26, H_1, H_1 + VESLG $26, H_3, H_3 + VO H_0, H_1, H_0 + VO H_2, H_3, H_2 + VESLG $4, H_2, H_2 + VLEIB $7, $48, H_1 + VSLB H_1, H_2, H_2 + VO H_0, H_2, H_0 + VLEIB $7, $104, H_1 + VSLB H_1, H_4, H_3 + VO H_3, H_0, H_0 + VLEIB $7, $24, H_1 + VSRLB H_1, H_4, H_1 + + // update state + VSTEG $1, H_0, 0(R1) + VSTEG $0, H_0, 8(R1) + VSTEG $1, H_1, 16(R1) RET -b2: +b2: // 2 or fewer blocks remaining CMPBLE R3, $16, b1 - // 2 blocks remaining - SUB $17, R3 - VL (R2), T_0 - VLL R3, 16(R2), T_1 - ADD $1, R3 + // Load the 2 remaining blocks (17-32 bytes remaining). + MOVD $-17(R3), R0 // index of final byte to load modulo 16 + VL (R2), T_0 // load full 16 byte block + VLL R0, 16(R2), T_1 // load final (possibly partial) block and pad with zeros to 16 bytes + + // The Poly1305 algorithm requires that a 1 bit be appended to + // each message block. If the final block is less than 16 bytes + // long then it is easiest to insert the 1 before the message + // block is split into 26-bit limbs. If, on the other hand, the + // final message block is 16 bytes long then we append the 1 bit + // after expansion as normal. MOVBZ $1, R0 - CMPBEQ R3, $16, 2(PC) - VLVGB R3, R0, T_1 - EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4) + MOVD $-16(R3), R3 // index of byte in last block to insert 1 at (could be 16) + CMPBEQ R3, $16, 2(PC) // skip the insertion if the final block is 16 bytes long + VLVGB R3, R0, T_1 // insert 1 into the byte at index R3 + + // Split both blocks into 26-bit limbs in the appropriate lanes. + EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4) + + // Append a 1 byte to the end of the second to last block. + VLEIB $4, $1, M_4 + + // Append a 1 byte to the end of the last block only if it is a + // full 16 byte block. CMPBNE R3, $16, 2(PC) - VLEIB $12, $1, F_4 - VLEIB $4, $1, F_4 - - // setup [r²,r] - VLVGG $1, RSAVE_0, R_0 - VLVGG $1, RSAVE_1, R_1 - VLVGG $1, RSAVE_2, R_2 - VLVGG $1, RSAVE_3, R_3 - VLVGG $1, RSAVE_4, R_4 - VPDI $0, R5_1, R5SAVE_1, R5_1 - VPDI $0, R5_2, R5SAVE_2, R5_2 - VPDI $0, R5_3, R5SAVE_3, R5_3 - VPDI $0, R5_4, R5SAVE_4, R5_4 + VLEIB $12, $1, M_4 + + // Finally, set up the coefficients for the final multiplication. + // We have previously saved r and 5r in the 32-bit even indexes + // of the R_[0-4] and R5_[1-4] coefficient registers. + // + // We want lane 0 to be multiplied by r² so that can be kept the + // same. We want lane 1 to be multiplied by r so we need to move + // the saved r value into the 32-bit odd index in lane 1 by + // rotating the 64-bit lane by 32. + VGBM $0x00ff, T_0 // [0, 0xffffffffffffffff] - mask lane 1 only + VERIMG $32, R_0, T_0, R_0 // [_, r²₂₆[0], _, r₂₆[0]] + VERIMG $32, R_1, T_0, R_1 // [_, r²₂₆[1], _, r₂₆[1]] + VERIMG $32, R_2, T_0, R_2 // [_, r²₂₆[2], _, r₂₆[2]] + VERIMG $32, R_3, T_0, R_3 // [_, r²₂₆[3], _, r₂₆[3]] + VERIMG $32, R_4, T_0, R_4 // [_, r²₂₆[4], _, r₂₆[4]] + VERIMG $32, R5_1, T_0, R5_1 // [_, 5r²₂₆[1], _, 5r₂₆[1]] + VERIMG $32, R5_2, T_0, R5_2 // [_, 5r²₂₆[2], _, 5r₂₆[2]] + VERIMG $32, R5_3, T_0, R5_3 // [_, 5r²₂₆[3], _, 5r₂₆[3]] + VERIMG $32, R5_4, T_0, R5_4 // [_, 5r²₂₆[4], _, 5r₂₆[4]] MOVD $0, R3 BR multiply skip: - VZERO H_0 - VZERO H_1 - VZERO H_2 - VZERO H_3 - VZERO H_4 - CMPBEQ R3, $0, finish -b1: - // 1 block remaining - SUB $1, R3 - VLL R3, (R2), T_0 - ADD $1, R3 +b1: // 1 block remaining + + // Load the final block (1-16 bytes). This will be placed into + // lane 0. + MOVD $-1(R3), R0 + VLL R0, (R2), T_0 // pad to 16 bytes with zeros + + // The Poly1305 algorithm requires that a 1 bit be appended to + // each message block. If the final block is less than 16 bytes + // long then it is easiest to insert the 1 before the message + // block is split into 26-bit limbs. If, on the other hand, the + // final message block is 16 bytes long then we append the 1 bit + // after expansion as normal. MOVBZ $1, R0 CMPBEQ R3, $16, 2(PC) VLVGB R3, R0, T_0 - VZERO T_1 - EXPAND(T_0, T_1, F_0, F_1, F_2, F_3, F_4) + + // Set the message block in lane 1 to the value 0 so that it + // can be accumulated without affecting the final result. + VZERO T_1 + + // Split the final message block into 26-bit limbs in lane 0. + // Lane 1 will be contain 0. + EXPAND(T_0, T_1, M_0, M_1, M_2, M_3, M_4) + + // Append a 1 byte to the end of the last block only if it is a + // full 16 byte block. CMPBNE R3, $16, 2(PC) - VLEIB $4, $1, F_4 - VLEIG $1, $1, R_0 - VZERO R_1 - VZERO R_2 - VZERO R_3 - VZERO R_4 - VZERO R5_1 - VZERO R5_2 - VZERO R5_3 - VZERO R5_4 - - // setup [r, 1] - VLVGG $0, RSAVE_0, R_0 - VLVGG $0, RSAVE_1, R_1 - VLVGG $0, RSAVE_2, R_2 - VLVGG $0, RSAVE_3, R_3 - VLVGG $0, RSAVE_4, R_4 - VPDI $0, R5SAVE_1, R5_1, R5_1 - VPDI $0, R5SAVE_2, R5_2, R5_2 - VPDI $0, R5SAVE_3, R5_3, R5_3 - VPDI $0, R5SAVE_4, R5_4, R5_4 + VLEIB $4, $1, M_4 + + // We have previously saved r and 5r in the 32-bit even indexes + // of the R_[0-4] and R5_[1-4] coefficient registers. + // + // We want lane 0 to be multiplied by r so we need to move the + // saved r value into the 32-bit odd index in lane 0. We want + // lane 1 to be set to the value 1. This makes multiplication + // a no-op. We do this by setting lane 1 in every register to 0 + // and then just setting the 32-bit index 3 in R_0 to 1. + VZERO T_0 + MOVD $0, R0 + MOVD $0x10111213, R12 + VLVGP R12, R0, T_1 // [_, 0x10111213, _, 0x00000000] + VPERM T_0, R_0, T_1, R_0 // [_, r₂₆[0], _, 0] + VPERM T_0, R_1, T_1, R_1 // [_, r₂₆[1], _, 0] + VPERM T_0, R_2, T_1, R_2 // [_, r₂₆[2], _, 0] + VPERM T_0, R_3, T_1, R_3 // [_, r₂₆[3], _, 0] + VPERM T_0, R_4, T_1, R_4 // [_, r₂₆[4], _, 0] + VPERM T_0, R5_1, T_1, R5_1 // [_, 5r₂₆[1], _, 0] + VPERM T_0, R5_2, T_1, R5_2 // [_, 5r₂₆[2], _, 0] + VPERM T_0, R5_3, T_1, R5_3 // [_, 5r₂₆[3], _, 0] + VPERM T_0, R5_4, T_1, R5_4 // [_, 5r₂₆[4], _, 0] + + // Set the value of lane 1 to be 1. + VLEIF $3, $1, R_0 // [_, r₂₆[0], _, 1] MOVD $0, R3 BR multiply diff --git a/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s b/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s deleted file mode 100644 index e60bbc1d7f..0000000000 --- a/vendor/golang.org/x/crypto/poly1305/sum_vmsl_s390x.s +++ /dev/null @@ -1,909 +0,0 @@ -// Copyright 2018 The Go Authors. All rights reserved. -// Use of this source code is governed by a BSD-style -// license that can be found in the LICENSE file. - -// +build s390x,go1.11,!gccgo,!appengine - -#include "textflag.h" - -// Implementation of Poly1305 using the vector facility (vx) and the VMSL instruction. - -// constants -#define EX0 V1 -#define EX1 V2 -#define EX2 V3 - -// temporaries -#define T_0 V4 -#define T_1 V5 -#define T_2 V6 -#define T_3 V7 -#define T_4 V8 -#define T_5 V9 -#define T_6 V10 -#define T_7 V11 -#define T_8 V12 -#define T_9 V13 -#define T_10 V14 - -// r**2 & r**4 -#define R_0 V15 -#define R_1 V16 -#define R_2 V17 -#define R5_1 V18 -#define R5_2 V19 -// key (r) -#define RSAVE_0 R7 -#define RSAVE_1 R8 -#define RSAVE_2 R9 -#define R5SAVE_1 R10 -#define R5SAVE_2 R11 - -// message block -#define M0 V20 -#define M1 V21 -#define M2 V22 -#define M3 V23 -#define M4 V24 -#define M5 V25 - -// accumulator -#define H0_0 V26 -#define H1_0 V27 -#define H2_0 V28 -#define H0_1 V29 -#define H1_1 V30 -#define H2_1 V31 - -GLOBL ·keyMask<>(SB), RODATA, $16 -DATA ·keyMask<>+0(SB)/8, $0xffffff0ffcffff0f -DATA ·keyMask<>+8(SB)/8, $0xfcffff0ffcffff0f - -GLOBL ·bswapMask<>(SB), RODATA, $16 -DATA ·bswapMask<>+0(SB)/8, $0x0f0e0d0c0b0a0908 -DATA ·bswapMask<>+8(SB)/8, $0x0706050403020100 - -GLOBL ·constants<>(SB), RODATA, $48 -// EX0 -DATA ·constants<>+0(SB)/8, $0x18191a1b1c1d1e1f -DATA ·constants<>+8(SB)/8, $0x0000050403020100 -// EX1 -DATA ·constants<>+16(SB)/8, $0x18191a1b1c1d1e1f -DATA ·constants<>+24(SB)/8, $0x00000a0908070605 -// EX2 -DATA ·constants<>+32(SB)/8, $0x18191a1b1c1d1e1f -DATA ·constants<>+40(SB)/8, $0x0000000f0e0d0c0b - -GLOBL ·c<>(SB), RODATA, $48 -// EX0 -DATA ·c<>+0(SB)/8, $0x0000050403020100 -DATA ·c<>+8(SB)/8, $0x0000151413121110 -// EX1 -DATA ·c<>+16(SB)/8, $0x00000a0908070605 -DATA ·c<>+24(SB)/8, $0x00001a1918171615 -// EX2 -DATA ·c<>+32(SB)/8, $0x0000000f0e0d0c0b -DATA ·c<>+40(SB)/8, $0x0000001f1e1d1c1b - -GLOBL ·reduce<>(SB), RODATA, $32 -// 44 bit -DATA ·reduce<>+0(SB)/8, $0x0 -DATA ·reduce<>+8(SB)/8, $0xfffffffffff -// 42 bit -DATA ·reduce<>+16(SB)/8, $0x0 -DATA ·reduce<>+24(SB)/8, $0x3ffffffffff - -// h = (f*g) % (2**130-5) [partial reduction] -// uses T_0...T_9 temporary registers -// input: m02_0, m02_1, m02_2, m13_0, m13_1, m13_2, r_0, r_1, r_2, r5_1, r5_2, m4_0, m4_1, m4_2, m5_0, m5_1, m5_2 -// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8, t9 -// output: m02_0, m02_1, m02_2, m13_0, m13_1, m13_2 -#define MULTIPLY(m02_0, m02_1, m02_2, m13_0, m13_1, m13_2, r_0, r_1, r_2, r5_1, r5_2, m4_0, m4_1, m4_2, m5_0, m5_1, m5_2, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9) \ - \ // Eliminate the dependency for the last 2 VMSLs - VMSLG m02_0, r_2, m4_2, m4_2 \ - VMSLG m13_0, r_2, m5_2, m5_2 \ // 8 VMSLs pipelined - VMSLG m02_0, r_0, m4_0, m4_0 \ - VMSLG m02_1, r5_2, V0, T_0 \ - VMSLG m02_0, r_1, m4_1, m4_1 \ - VMSLG m02_1, r_0, V0, T_1 \ - VMSLG m02_1, r_1, V0, T_2 \ - VMSLG m02_2, r5_1, V0, T_3 \ - VMSLG m02_2, r5_2, V0, T_4 \ - VMSLG m13_0, r_0, m5_0, m5_0 \ - VMSLG m13_1, r5_2, V0, T_5 \ - VMSLG m13_0, r_1, m5_1, m5_1 \ - VMSLG m13_1, r_0, V0, T_6 \ - VMSLG m13_1, r_1, V0, T_7 \ - VMSLG m13_2, r5_1, V0, T_8 \ - VMSLG m13_2, r5_2, V0, T_9 \ - VMSLG m02_2, r_0, m4_2, m4_2 \ - VMSLG m13_2, r_0, m5_2, m5_2 \ - VAQ m4_0, T_0, m02_0 \ - VAQ m4_1, T_1, m02_1 \ - VAQ m5_0, T_5, m13_0 \ - VAQ m5_1, T_6, m13_1 \ - VAQ m02_0, T_3, m02_0 \ - VAQ m02_1, T_4, m02_1 \ - VAQ m13_0, T_8, m13_0 \ - VAQ m13_1, T_9, m13_1 \ - VAQ m4_2, T_2, m02_2 \ - VAQ m5_2, T_7, m13_2 \ - -// SQUARE uses three limbs of r and r_2*5 to output square of r -// uses T_1, T_5 and T_7 temporary registers -// input: r_0, r_1, r_2, r5_2 -// temp: TEMP0, TEMP1, TEMP2 -// output: p0, p1, p2 -#define SQUARE(r_0, r_1, r_2, r5_2, p0, p1, p2, TEMP0, TEMP1, TEMP2) \ - VMSLG r_0, r_0, p0, p0 \ - VMSLG r_1, r5_2, V0, TEMP0 \ - VMSLG r_2, r5_2, p1, p1 \ - VMSLG r_0, r_1, V0, TEMP1 \ - VMSLG r_1, r_1, p2, p2 \ - VMSLG r_0, r_2, V0, TEMP2 \ - VAQ TEMP0, p0, p0 \ - VAQ TEMP1, p1, p1 \ - VAQ TEMP2, p2, p2 \ - VAQ TEMP0, p0, p0 \ - VAQ TEMP1, p1, p1 \ - VAQ TEMP2, p2, p2 \ - -// carry h0->h1->h2->h0 || h3->h4->h5->h3 -// uses T_2, T_4, T_5, T_7, T_8, T_9 -// t6, t7, t8, t9, t10, t11 -// input: h0, h1, h2, h3, h4, h5 -// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11 -// output: h0, h1, h2, h3, h4, h5 -#define REDUCE(h0, h1, h2, h3, h4, h5, t0, t1, t2, t3, t4, t5, t6, t7, t8, t9, t10, t11) \ - VLM (R12), t6, t7 \ // 44 and 42 bit clear mask - VLEIB $7, $0x28, t10 \ // 5 byte shift mask - VREPIB $4, t8 \ // 4 bit shift mask - VREPIB $2, t11 \ // 2 bit shift mask - VSRLB t10, h0, t0 \ // h0 byte shift - VSRLB t10, h1, t1 \ // h1 byte shift - VSRLB t10, h2, t2 \ // h2 byte shift - VSRLB t10, h3, t3 \ // h3 byte shift - VSRLB t10, h4, t4 \ // h4 byte shift - VSRLB t10, h5, t5 \ // h5 byte shift - VSRL t8, t0, t0 \ // h0 bit shift - VSRL t8, t1, t1 \ // h2 bit shift - VSRL t11, t2, t2 \ // h2 bit shift - VSRL t8, t3, t3 \ // h3 bit shift - VSRL t8, t4, t4 \ // h4 bit shift - VESLG $2, t2, t9 \ // h2 carry x5 - VSRL t11, t5, t5 \ // h5 bit shift - VN t6, h0, h0 \ // h0 clear carry - VAQ t2, t9, t2 \ // h2 carry x5 - VESLG $2, t5, t9 \ // h5 carry x5 - VN t6, h1, h1 \ // h1 clear carry - VN t7, h2, h2 \ // h2 clear carry - VAQ t5, t9, t5 \ // h5 carry x5 - VN t6, h3, h3 \ // h3 clear carry - VN t6, h4, h4 \ // h4 clear carry - VN t7, h5, h5 \ // h5 clear carry - VAQ t0, h1, h1 \ // h0->h1 - VAQ t3, h4, h4 \ // h3->h4 - VAQ t1, h2, h2 \ // h1->h2 - VAQ t4, h5, h5 \ // h4->h5 - VAQ t2, h0, h0 \ // h2->h0 - VAQ t5, h3, h3 \ // h5->h3 - VREPG $1, t6, t6 \ // 44 and 42 bit masks across both halves - VREPG $1, t7, t7 \ - VSLDB $8, h0, h0, h0 \ // set up [h0/1/2, h3/4/5] - VSLDB $8, h1, h1, h1 \ - VSLDB $8, h2, h2, h2 \ - VO h0, h3, h3 \ - VO h1, h4, h4 \ - VO h2, h5, h5 \ - VESRLG $44, h3, t0 \ // 44 bit shift right - VESRLG $44, h4, t1 \ - VESRLG $42, h5, t2 \ - VN t6, h3, h3 \ // clear carry bits - VN t6, h4, h4 \ - VN t7, h5, h5 \ - VESLG $2, t2, t9 \ // multiply carry by 5 - VAQ t9, t2, t2 \ - VAQ t0, h4, h4 \ - VAQ t1, h5, h5 \ - VAQ t2, h3, h3 \ - -// carry h0->h1->h2->h0 -// input: h0, h1, h2 -// temp: t0, t1, t2, t3, t4, t5, t6, t7, t8 -// output: h0, h1, h2 -#define REDUCE2(h0, h1, h2, t0, t1, t2, t3, t4, t5, t6, t7, t8) \ - VLEIB $7, $0x28, t3 \ // 5 byte shift mask - VREPIB $4, t4 \ // 4 bit shift mask - VREPIB $2, t7 \ // 2 bit shift mask - VGBM $0x003F, t5 \ // mask to clear carry bits - VSRLB t3, h0, t0 \ - VSRLB t3, h1, t1 \ - VSRLB t3, h2, t2 \ - VESRLG $4, t5, t5 \ // 44 bit clear mask - VSRL t4, t0, t0 \ - VSRL t4, t1, t1 \ - VSRL t7, t2, t2 \ - VESRLG $2, t5, t6 \ // 42 bit clear mask - VESLG $2, t2, t8 \ - VAQ t8, t2, t2 \ - VN t5, h0, h0 \ - VN t5, h1, h1 \ - VN t6, h2, h2 \ - VAQ t0, h1, h1 \ - VAQ t1, h2, h2 \ - VAQ t2, h0, h0 \ - VSRLB t3, h0, t0 \ - VSRLB t3, h1, t1 \ - VSRLB t3, h2, t2 \ - VSRL t4, t0, t0 \ - VSRL t4, t1, t1 \ - VSRL t7, t2, t2 \ - VN t5, h0, h0 \ - VN t5, h1, h1 \ - VESLG $2, t2, t8 \ - VN t6, h2, h2 \ - VAQ t0, h1, h1 \ - VAQ t8, t2, t2 \ - VAQ t1, h2, h2 \ - VAQ t2, h0, h0 \ - -// expands two message blocks into the lower halfs of the d registers -// moves the contents of the d registers into upper halfs -// input: in1, in2, d0, d1, d2, d3, d4, d5 -// temp: TEMP0, TEMP1, TEMP2, TEMP3 -// output: d0, d1, d2, d3, d4, d5 -#define EXPACC(in1, in2, d0, d1, d2, d3, d4, d5, TEMP0, TEMP1, TEMP2, TEMP3) \ - VGBM $0xff3f, TEMP0 \ - VGBM $0xff1f, TEMP1 \ - VESLG $4, d1, TEMP2 \ - VESLG $4, d4, TEMP3 \ - VESRLG $4, TEMP0, TEMP0 \ - VPERM in1, d0, EX0, d0 \ - VPERM in2, d3, EX0, d3 \ - VPERM in1, d2, EX2, d2 \ - VPERM in2, d5, EX2, d5 \ - VPERM in1, TEMP2, EX1, d1 \ - VPERM in2, TEMP3, EX1, d4 \ - VN TEMP0, d0, d0 \ - VN TEMP0, d3, d3 \ - VESRLG $4, d1, d1 \ - VESRLG $4, d4, d4 \ - VN TEMP1, d2, d2 \ - VN TEMP1, d5, d5 \ - VN TEMP0, d1, d1 \ - VN TEMP0, d4, d4 \ - -// expands one message block into the lower halfs of the d registers -// moves the contents of the d registers into upper halfs -// input: in, d0, d1, d2 -// temp: TEMP0, TEMP1, TEMP2 -// output: d0, d1, d2 -#define EXPACC2(in, d0, d1, d2, TEMP0, TEMP1, TEMP2) \ - VGBM $0xff3f, TEMP0 \ - VESLG $4, d1, TEMP2 \ - VGBM $0xff1f, TEMP1 \ - VPERM in, d0, EX0, d0 \ - VESRLG $4, TEMP0, TEMP0 \ - VPERM in, d2, EX2, d2 \ - VPERM in, TEMP2, EX1, d1 \ - VN TEMP0, d0, d0 \ - VN TEMP1, d2, d2 \ - VESRLG $4, d1, d1 \ - VN TEMP0, d1, d1 \ - -// pack h2:h0 into h1:h0 (no carry) -// input: h0, h1, h2 -// output: h0, h1, h2 -#define PACK(h0, h1, h2) \ - VMRLG h1, h2, h2 \ // copy h1 to upper half h2 - VESLG $44, h1, h1 \ // shift limb 1 44 bits, leaving 20 - VO h0, h1, h0 \ // combine h0 with 20 bits from limb 1 - VESRLG $20, h2, h1 \ // put top 24 bits of limb 1 into h1 - VLEIG $1, $0, h1 \ // clear h2 stuff from lower half of h1 - VO h0, h1, h0 \ // h0 now has 88 bits (limb 0 and 1) - VLEIG $0, $0, h2 \ // clear upper half of h2 - VESRLG $40, h2, h1 \ // h1 now has upper two bits of result - VLEIB $7, $88, h1 \ // for byte shift (11 bytes) - VSLB h1, h2, h2 \ // shift h2 11 bytes to the left - VO h0, h2, h0 \ // combine h0 with 20 bits from limb 1 - VLEIG $0, $0, h1 \ // clear upper half of h1 - -// if h > 2**130-5 then h -= 2**130-5 -// input: h0, h1 -// temp: t0, t1, t2 -// output: h0 -#define MOD(h0, h1, t0, t1, t2) \ - VZERO t0 \ - VLEIG $1, $5, t0 \ - VACCQ h0, t0, t1 \ - VAQ h0, t0, t0 \ - VONE t2 \ - VLEIG $1, $-4, t2 \ - VAQ t2, t1, t1 \ - VACCQ h1, t1, t1 \ - VONE t2 \ - VAQ t2, t1, t1 \ - VN h0, t1, t2 \ - VNC t0, t1, t1 \ - VO t1, t2, h0 \ - -// func poly1305vmsl(out *[16]byte, m *byte, mlen uint64, key *[32]key) -TEXT ·poly1305vmsl(SB), $0-32 - // This code processes 6 + up to 4 blocks (32 bytes) per iteration - // using the algorithm described in: - // NEON crypto, Daniel J. Bernstein & Peter Schwabe - // https://cryptojedi.org/papers/neoncrypto-20120320.pdf - // And as moddified for VMSL as described in - // Accelerating Poly1305 Cryptographic Message Authentication on the z14 - // O'Farrell et al, CASCON 2017, p48-55 - // https://ibm.ent.box.com/s/jf9gedj0e9d2vjctfyh186shaztavnht - - LMG out+0(FP), R1, R4 // R1=out, R2=m, R3=mlen, R4=key - VZERO V0 // c - - // load EX0, EX1 and EX2 - MOVD $·constants<>(SB), R5 - VLM (R5), EX0, EX2 // c - - // setup r - VL (R4), T_0 - MOVD $·keyMask<>(SB), R6 - VL (R6), T_1 - VN T_0, T_1, T_0 - VZERO T_2 // limbs for r - VZERO T_3 - VZERO T_4 - EXPACC2(T_0, T_2, T_3, T_4, T_1, T_5, T_7) - - // T_2, T_3, T_4: [0, r] - - // setup r*20 - VLEIG $0, $0, T_0 - VLEIG $1, $20, T_0 // T_0: [0, 20] - VZERO T_5 - VZERO T_6 - VMSLG T_0, T_3, T_5, T_5 - VMSLG T_0, T_4, T_6, T_6 - - // store r for final block in GR - VLGVG $1, T_2, RSAVE_0 // c - VLGVG $1, T_3, RSAVE_1 // c - VLGVG $1, T_4, RSAVE_2 // c - VLGVG $1, T_5, R5SAVE_1 // c - VLGVG $1, T_6, R5SAVE_2 // c - - // initialize h - VZERO H0_0 - VZERO H1_0 - VZERO H2_0 - VZERO H0_1 - VZERO H1_1 - VZERO H2_1 - - // initialize pointer for reduce constants - MOVD $·reduce<>(SB), R12 - - // calculate r**2 and 20*(r**2) - VZERO R_0 - VZERO R_1 - VZERO R_2 - SQUARE(T_2, T_3, T_4, T_6, R_0, R_1, R_2, T_1, T_5, T_7) - REDUCE2(R_0, R_1, R_2, M0, M1, M2, M3, M4, R5_1, R5_2, M5, T_1) - VZERO R5_1 - VZERO R5_2 - VMSLG T_0, R_1, R5_1, R5_1 - VMSLG T_0, R_2, R5_2, R5_2 - - // skip r**4 calculation if 3 blocks or less - CMPBLE R3, $48, b4 - - // calculate r**4 and 20*(r**4) - VZERO T_8 - VZERO T_9 - VZERO T_10 - SQUARE(R_0, R_1, R_2, R5_2, T_8, T_9, T_10, T_1, T_5, T_7) - REDUCE2(T_8, T_9, T_10, M0, M1, M2, M3, M4, T_2, T_3, M5, T_1) - VZERO T_2 - VZERO T_3 - VMSLG T_0, T_9, T_2, T_2 - VMSLG T_0, T_10, T_3, T_3 - - // put r**2 to the right and r**4 to the left of R_0, R_1, R_2 - VSLDB $8, T_8, T_8, T_8 - VSLDB $8, T_9, T_9, T_9 - VSLDB $8, T_10, T_10, T_10 - VSLDB $8, T_2, T_2, T_2 - VSLDB $8, T_3, T_3, T_3 - - VO T_8, R_0, R_0 - VO T_9, R_1, R_1 - VO T_10, R_2, R_2 - VO T_2, R5_1, R5_1 - VO T_3, R5_2, R5_2 - - CMPBLE R3, $80, load // less than or equal to 5 blocks in message - - // 6(or 5+1) blocks - SUB $81, R3 - VLM (R2), M0, M4 - VLL R3, 80(R2), M5 - ADD $1, R3 - MOVBZ $1, R0 - CMPBGE R3, $16, 2(PC) - VLVGB R3, R0, M5 - MOVD $96(R2), R2 - EXPACC(M0, M1, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3) - EXPACC(M2, M3, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3) - VLEIB $2, $1, H2_0 - VLEIB $2, $1, H2_1 - VLEIB $10, $1, H2_0 - VLEIB $10, $1, H2_1 - - VZERO M0 - VZERO M1 - VZERO M2 - VZERO M3 - VZERO T_4 - VZERO T_10 - EXPACC(M4, M5, M0, M1, M2, M3, T_4, T_10, T_0, T_1, T_2, T_3) - VLR T_4, M4 - VLEIB $10, $1, M2 - CMPBLT R3, $16, 2(PC) - VLEIB $10, $1, T_10 - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M2, M3, M4, T_4, T_5, T_2, T_7, T_8, T_9) - VMRHG V0, H0_1, H0_0 - VMRHG V0, H1_1, H1_0 - VMRHG V0, H2_1, H2_0 - VMRLG V0, H0_1, H0_1 - VMRLG V0, H1_1, H1_1 - VMRLG V0, H2_1, H2_1 - - SUB $16, R3 - CMPBLE R3, $0, square - -load: - // load EX0, EX1 and EX2 - MOVD $·c<>(SB), R5 - VLM (R5), EX0, EX2 - -loop: - CMPBLE R3, $64, add // b4 // last 4 or less blocks left - - // next 4 full blocks - VLM (R2), M2, M5 - SUB $64, R3 - MOVD $64(R2), R2 - REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, T_0, T_1, T_3, T_4, T_5, T_2, T_7, T_8, T_9) - - // expacc in-lined to create [m2, m3] limbs - VGBM $0x3f3f, T_0 // 44 bit clear mask - VGBM $0x1f1f, T_1 // 40 bit clear mask - VPERM M2, M3, EX0, T_3 - VESRLG $4, T_0, T_0 // 44 bit clear mask ready - VPERM M2, M3, EX1, T_4 - VPERM M2, M3, EX2, T_5 - VN T_0, T_3, T_3 - VESRLG $4, T_4, T_4 - VN T_1, T_5, T_5 - VN T_0, T_4, T_4 - VMRHG H0_1, T_3, H0_0 - VMRHG H1_1, T_4, H1_0 - VMRHG H2_1, T_5, H2_0 - VMRLG H0_1, T_3, H0_1 - VMRLG H1_1, T_4, H1_1 - VMRLG H2_1, T_5, H2_1 - VLEIB $10, $1, H2_0 - VLEIB $10, $1, H2_1 - VPERM M4, M5, EX0, T_3 - VPERM M4, M5, EX1, T_4 - VPERM M4, M5, EX2, T_5 - VN T_0, T_3, T_3 - VESRLG $4, T_4, T_4 - VN T_1, T_5, T_5 - VN T_0, T_4, T_4 - VMRHG V0, T_3, M0 - VMRHG V0, T_4, M1 - VMRHG V0, T_5, M2 - VMRLG V0, T_3, M3 - VMRLG V0, T_4, M4 - VMRLG V0, T_5, M5 - VLEIB $10, $1, M2 - VLEIB $10, $1, M5 - - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - CMPBNE R3, $0, loop - REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9) - VMRHG V0, H0_1, H0_0 - VMRHG V0, H1_1, H1_0 - VMRHG V0, H2_1, H2_0 - VMRLG V0, H0_1, H0_1 - VMRLG V0, H1_1, H1_1 - VMRLG V0, H2_1, H2_1 - - // load EX0, EX1, EX2 - MOVD $·constants<>(SB), R5 - VLM (R5), EX0, EX2 - - // sum vectors - VAQ H0_0, H0_1, H0_0 - VAQ H1_0, H1_1, H1_0 - VAQ H2_0, H2_1, H2_0 - - // h may be >= 2*(2**130-5) so we need to reduce it again - // M0...M4 are used as temps here - REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5) - -next: // carry h1->h2 - VLEIB $7, $0x28, T_1 - VREPIB $4, T_2 - VGBM $0x003F, T_3 - VESRLG $4, T_3 - - // byte shift - VSRLB T_1, H1_0, T_4 - - // bit shift - VSRL T_2, T_4, T_4 - - // clear h1 carry bits - VN T_3, H1_0, H1_0 - - // add carry - VAQ T_4, H2_0, H2_0 - - // h is now < 2*(2**130-5) - // pack h into h1 (hi) and h0 (lo) - PACK(H0_0, H1_0, H2_0) - - // if h > 2**130-5 then h -= 2**130-5 - MOD(H0_0, H1_0, T_0, T_1, T_2) - - // h += s - MOVD $·bswapMask<>(SB), R5 - VL (R5), T_1 - VL 16(R4), T_0 - VPERM T_0, T_0, T_1, T_0 // reverse bytes (to big) - VAQ T_0, H0_0, H0_0 - VPERM H0_0, H0_0, T_1, H0_0 // reverse bytes (to little) - VST H0_0, (R1) - RET - -add: - // load EX0, EX1, EX2 - MOVD $·constants<>(SB), R5 - VLM (R5), EX0, EX2 - - REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9) - VMRHG V0, H0_1, H0_0 - VMRHG V0, H1_1, H1_0 - VMRHG V0, H2_1, H2_0 - VMRLG V0, H0_1, H0_1 - VMRLG V0, H1_1, H1_1 - VMRLG V0, H2_1, H2_1 - CMPBLE R3, $64, b4 - -b4: - CMPBLE R3, $48, b3 // 3 blocks or less - - // 4(3+1) blocks remaining - SUB $49, R3 - VLM (R2), M0, M2 - VLL R3, 48(R2), M3 - ADD $1, R3 - MOVBZ $1, R0 - CMPBEQ R3, $16, 2(PC) - VLVGB R3, R0, M3 - MOVD $64(R2), R2 - EXPACC(M0, M1, H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_0, T_1, T_2, T_3) - VLEIB $10, $1, H2_0 - VLEIB $10, $1, H2_1 - VZERO M0 - VZERO M1 - VZERO M4 - VZERO M5 - VZERO T_4 - VZERO T_10 - EXPACC(M2, M3, M0, M1, M4, M5, T_4, T_10, T_0, T_1, T_2, T_3) - VLR T_4, M2 - VLEIB $10, $1, M4 - CMPBNE R3, $16, 2(PC) - VLEIB $10, $1, T_10 - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M4, M5, M2, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M3, M4, M5, T_4, T_5, T_2, T_7, T_8, T_9) - VMRHG V0, H0_1, H0_0 - VMRHG V0, H1_1, H1_0 - VMRHG V0, H2_1, H2_0 - VMRLG V0, H0_1, H0_1 - VMRLG V0, H1_1, H1_1 - VMRLG V0, H2_1, H2_1 - SUB $16, R3 - CMPBLE R3, $0, square // this condition must always hold true! - -b3: - CMPBLE R3, $32, b2 - - // 3 blocks remaining - - // setup [r²,r] - VSLDB $8, R_0, R_0, R_0 - VSLDB $8, R_1, R_1, R_1 - VSLDB $8, R_2, R_2, R_2 - VSLDB $8, R5_1, R5_1, R5_1 - VSLDB $8, R5_2, R5_2, R5_2 - - VLVGG $1, RSAVE_0, R_0 - VLVGG $1, RSAVE_1, R_1 - VLVGG $1, RSAVE_2, R_2 - VLVGG $1, R5SAVE_1, R5_1 - VLVGG $1, R5SAVE_2, R5_2 - - // setup [h0, h1] - VSLDB $8, H0_0, H0_0, H0_0 - VSLDB $8, H1_0, H1_0, H1_0 - VSLDB $8, H2_0, H2_0, H2_0 - VO H0_1, H0_0, H0_0 - VO H1_1, H1_0, H1_0 - VO H2_1, H2_0, H2_0 - VZERO H0_1 - VZERO H1_1 - VZERO H2_1 - - VZERO M0 - VZERO M1 - VZERO M2 - VZERO M3 - VZERO M4 - VZERO M5 - - // H*[r**2, r] - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, H0_1, H1_1, T_10, M5) - - SUB $33, R3 - VLM (R2), M0, M1 - VLL R3, 32(R2), M2 - ADD $1, R3 - MOVBZ $1, R0 - CMPBEQ R3, $16, 2(PC) - VLVGB R3, R0, M2 - - // H += m0 - VZERO T_1 - VZERO T_2 - VZERO T_3 - EXPACC2(M0, T_1, T_2, T_3, T_4, T_5, T_6) - VLEIB $10, $1, T_3 - VAG H0_0, T_1, H0_0 - VAG H1_0, T_2, H1_0 - VAG H2_0, T_3, H2_0 - - VZERO M0 - VZERO M3 - VZERO M4 - VZERO M5 - VZERO T_10 - - // (H+m0)*r - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M3, M4, M5, V0, T_10, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE2(H0_0, H1_0, H2_0, M0, M3, M4, M5, T_10, H0_1, H1_1, H2_1, T_9) - - // H += m1 - VZERO V0 - VZERO T_1 - VZERO T_2 - VZERO T_3 - EXPACC2(M1, T_1, T_2, T_3, T_4, T_5, T_6) - VLEIB $10, $1, T_3 - VAQ H0_0, T_1, H0_0 - VAQ H1_0, T_2, H1_0 - VAQ H2_0, T_3, H2_0 - REDUCE2(H0_0, H1_0, H2_0, M0, M3, M4, M5, T_9, H0_1, H1_1, H2_1, T_10) - - // [H, m2] * [r**2, r] - EXPACC2(M2, H0_0, H1_0, H2_0, T_1, T_2, T_3) - CMPBNE R3, $16, 2(PC) - VLEIB $10, $1, H2_0 - VZERO M0 - VZERO M1 - VZERO M2 - VZERO M3 - VZERO M4 - VZERO M5 - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, H0_1, H1_1, M5, T_10) - SUB $16, R3 - CMPBLE R3, $0, next // this condition must always hold true! - -b2: - CMPBLE R3, $16, b1 - - // 2 blocks remaining - - // setup [r²,r] - VSLDB $8, R_0, R_0, R_0 - VSLDB $8, R_1, R_1, R_1 - VSLDB $8, R_2, R_2, R_2 - VSLDB $8, R5_1, R5_1, R5_1 - VSLDB $8, R5_2, R5_2, R5_2 - - VLVGG $1, RSAVE_0, R_0 - VLVGG $1, RSAVE_1, R_1 - VLVGG $1, RSAVE_2, R_2 - VLVGG $1, R5SAVE_1, R5_1 - VLVGG $1, R5SAVE_2, R5_2 - - // setup [h0, h1] - VSLDB $8, H0_0, H0_0, H0_0 - VSLDB $8, H1_0, H1_0, H1_0 - VSLDB $8, H2_0, H2_0, H2_0 - VO H0_1, H0_0, H0_0 - VO H1_1, H1_0, H1_0 - VO H2_1, H2_0, H2_0 - VZERO H0_1 - VZERO H1_1 - VZERO H2_1 - - VZERO M0 - VZERO M1 - VZERO M2 - VZERO M3 - VZERO M4 - VZERO M5 - - // H*[r**2, r] - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, T_10, M0, M1, M2, M3, M4, T_4, T_5, T_2, T_7, T_8, T_9) - VMRHG V0, H0_1, H0_0 - VMRHG V0, H1_1, H1_0 - VMRHG V0, H2_1, H2_0 - VMRLG V0, H0_1, H0_1 - VMRLG V0, H1_1, H1_1 - VMRLG V0, H2_1, H2_1 - - // move h to the left and 0s at the right - VSLDB $8, H0_0, H0_0, H0_0 - VSLDB $8, H1_0, H1_0, H1_0 - VSLDB $8, H2_0, H2_0, H2_0 - - // get message blocks and append 1 to start - SUB $17, R3 - VL (R2), M0 - VLL R3, 16(R2), M1 - ADD $1, R3 - MOVBZ $1, R0 - CMPBEQ R3, $16, 2(PC) - VLVGB R3, R0, M1 - VZERO T_6 - VZERO T_7 - VZERO T_8 - EXPACC2(M0, T_6, T_7, T_8, T_1, T_2, T_3) - EXPACC2(M1, T_6, T_7, T_8, T_1, T_2, T_3) - VLEIB $2, $1, T_8 - CMPBNE R3, $16, 2(PC) - VLEIB $10, $1, T_8 - - // add [m0, m1] to h - VAG H0_0, T_6, H0_0 - VAG H1_0, T_7, H1_0 - VAG H2_0, T_8, H2_0 - - VZERO M2 - VZERO M3 - VZERO M4 - VZERO M5 - VZERO T_10 - VZERO M0 - - // at this point R_0 .. R5_2 look like [r**2, r] - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M2, M3, M4, M5, T_10, M0, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE2(H0_0, H1_0, H2_0, M2, M3, M4, M5, T_9, H0_1, H1_1, H2_1, T_10) - SUB $16, R3, R3 - CMPBLE R3, $0, next - -b1: - CMPBLE R3, $0, next - - // 1 block remaining - - // setup [r²,r] - VSLDB $8, R_0, R_0, R_0 - VSLDB $8, R_1, R_1, R_1 - VSLDB $8, R_2, R_2, R_2 - VSLDB $8, R5_1, R5_1, R5_1 - VSLDB $8, R5_2, R5_2, R5_2 - - VLVGG $1, RSAVE_0, R_0 - VLVGG $1, RSAVE_1, R_1 - VLVGG $1, RSAVE_2, R_2 - VLVGG $1, R5SAVE_1, R5_1 - VLVGG $1, R5SAVE_2, R5_2 - - // setup [h0, h1] - VSLDB $8, H0_0, H0_0, H0_0 - VSLDB $8, H1_0, H1_0, H1_0 - VSLDB $8, H2_0, H2_0, H2_0 - VO H0_1, H0_0, H0_0 - VO H1_1, H1_0, H1_0 - VO H2_1, H2_0, H2_0 - VZERO H0_1 - VZERO H1_1 - VZERO H2_1 - - VZERO M0 - VZERO M1 - VZERO M2 - VZERO M3 - VZERO M4 - VZERO M5 - - // H*[r**2, r] - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5) - - // set up [0, m0] limbs - SUB $1, R3 - VLL R3, (R2), M0 - ADD $1, R3 - MOVBZ $1, R0 - CMPBEQ R3, $16, 2(PC) - VLVGB R3, R0, M0 - VZERO T_1 - VZERO T_2 - VZERO T_3 - EXPACC2(M0, T_1, T_2, T_3, T_4, T_5, T_6)// limbs: [0, m] - CMPBNE R3, $16, 2(PC) - VLEIB $10, $1, T_3 - - // h+m0 - VAQ H0_0, T_1, H0_0 - VAQ H1_0, T_2, H1_0 - VAQ H2_0, T_3, H2_0 - - VZERO M0 - VZERO M1 - VZERO M2 - VZERO M3 - VZERO M4 - VZERO M5 - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5) - - BR next - -square: - // setup [r²,r] - VSLDB $8, R_0, R_0, R_0 - VSLDB $8, R_1, R_1, R_1 - VSLDB $8, R_2, R_2, R_2 - VSLDB $8, R5_1, R5_1, R5_1 - VSLDB $8, R5_2, R5_2, R5_2 - - VLVGG $1, RSAVE_0, R_0 - VLVGG $1, RSAVE_1, R_1 - VLVGG $1, RSAVE_2, R_2 - VLVGG $1, R5SAVE_1, R5_1 - VLVGG $1, R5SAVE_2, R5_2 - - // setup [h0, h1] - VSLDB $8, H0_0, H0_0, H0_0 - VSLDB $8, H1_0, H1_0, H1_0 - VSLDB $8, H2_0, H2_0, H2_0 - VO H0_1, H0_0, H0_0 - VO H1_1, H1_0, H1_0 - VO H2_1, H2_0, H2_0 - VZERO H0_1 - VZERO H1_1 - VZERO H2_1 - - VZERO M0 - VZERO M1 - VZERO M2 - VZERO M3 - VZERO M4 - VZERO M5 - - // (h0*r**2) + (h1*r) - MULTIPLY(H0_0, H1_0, H2_0, H0_1, H1_1, H2_1, R_0, R_1, R_2, R5_1, R5_2, M0, M1, M2, M3, M4, M5, T_0, T_1, T_2, T_3, T_4, T_5, T_6, T_7, T_8, T_9) - REDUCE2(H0_0, H1_0, H2_0, M0, M1, M2, M3, M4, T_9, T_10, H0_1, M5) - BR next diff --git a/vendor/golang.org/x/crypto/ssh/terminal/terminal.go b/vendor/golang.org/x/crypto/ssh/terminal/terminal.go index d1b4fca3a9..2ffb97bfb8 100644 --- a/vendor/golang.org/x/crypto/ssh/terminal/terminal.go +++ b/vendor/golang.org/x/crypto/ssh/terminal/terminal.go @@ -113,6 +113,7 @@ func NewTerminal(c io.ReadWriter, prompt string) *Terminal { } const ( + keyCtrlC = 3 keyCtrlD = 4 keyCtrlU = 21 keyEnter = '\r' @@ -151,8 +152,12 @@ func bytesToKey(b []byte, pasteActive bool) (rune, []byte) { switch b[0] { case 1: // ^A return keyHome, b[1:] + case 2: // ^B + return keyLeft, b[1:] case 5: // ^E return keyEnd, b[1:] + case 6: // ^F + return keyRight, b[1:] case 8: // ^H return keyBackspace, b[1:] case 11: // ^K @@ -738,6 +743,9 @@ func (t *Terminal) readLine() (line string, err error) { return "", io.EOF } } + if key == keyCtrlC { + return "", io.EOF + } if key == keyPasteStart { t.pasteActive = true if len(t.line) == 0 { diff --git a/vendor/k8s.io/api/core/v1/generated.proto b/vendor/k8s.io/api/core/v1/generated.proto index 3ae96250c2..916e2601e6 100644 --- a/vendor/k8s.io/api/core/v1/generated.proto +++ b/vendor/k8s.io/api/core/v1/generated.proto @@ -424,6 +424,7 @@ message ComponentCondition { } // ComponentStatus (and ComponentStatusList) holds the cluster validation info. +// Deprecated: This API is deprecated in v1.19+ message ComponentStatus { // Standard object's metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata @@ -438,6 +439,7 @@ message ComponentStatus { } // Status of all the conditions for the component as a list of ComponentStatus objects. +// Deprecated: This API is deprecated in v1.19+ message ComponentStatusList { // Standard list metadata. // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds diff --git a/vendor/k8s.io/api/core/v1/lifecycle.go b/vendor/k8s.io/api/core/v1/lifecycle.go new file mode 100644 index 0000000000..21ca90e815 --- /dev/null +++ b/vendor/k8s.io/api/core/v1/lifecycle.go @@ -0,0 +1,37 @@ +/* +Copyright 2020 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1 + +// APILifecycleIntroduced returns the release in which the API struct was introduced as int versions of major and minor for comparison. +func (in *ComponentStatus) APILifecycleIntroduced() (major, minor int) { + return 1, 0 +} + +// APILifecycleDeprecated returns the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. +func (in *ComponentStatus) APILifecycleDeprecated() (major, minor int) { + return 1, 19 +} + +// APILifecycleIntroduced returns the release in which the API struct was introduced as int versions of major and minor for comparison. +func (in *ComponentStatusList) APILifecycleIntroduced() (major, minor int) { + return 1, 0 +} + +// APILifecycleDeprecated returns the release in which the API struct was or will be deprecated as int versions of major and minor for comparison. +func (in *ComponentStatusList) APILifecycleDeprecated() (major, minor int) { + return 1, 19 +} diff --git a/vendor/k8s.io/api/core/v1/types.go b/vendor/k8s.io/api/core/v1/types.go index 08b6c70067..f3ec52e71c 100644 --- a/vendor/k8s.io/api/core/v1/types.go +++ b/vendor/k8s.io/api/core/v1/types.go @@ -5828,6 +5828,7 @@ type ComponentCondition struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // ComponentStatus (and ComponentStatusList) holds the cluster validation info. +// Deprecated: This API is deprecated in v1.19+ type ComponentStatus struct { metav1.TypeMeta `json:",inline"` // Standard object's metadata. @@ -5845,6 +5846,7 @@ type ComponentStatus struct { // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // Status of all the conditions for the component as a list of ComponentStatus objects. +// Deprecated: This API is deprecated in v1.19+ type ComponentStatusList struct { metav1.TypeMeta `json:",inline"` // Standard list metadata. diff --git a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go index 2969a9b0e5..61832b8159 100644 --- a/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go +++ b/vendor/k8s.io/api/core/v1/types_swagger_doc_generated.go @@ -230,7 +230,7 @@ func (ComponentCondition) SwaggerDoc() map[string]string { } var map_ComponentStatus = map[string]string{ - "": "ComponentStatus (and ComponentStatusList) holds the cluster validation info.", + "": "ComponentStatus (and ComponentStatusList) holds the cluster validation info. Deprecated: This API is deprecated in v1.19+", "metadata": "Standard object's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", "conditions": "List of component conditions observed", } @@ -240,7 +240,7 @@ func (ComponentStatus) SwaggerDoc() map[string]string { } var map_ComponentStatusList = map[string]string{ - "": "Status of all the conditions for the component as a list of ComponentStatus objects.", + "": "Status of all the conditions for the component as a list of ComponentStatus objects. Deprecated: This API is deprecated in v1.19+", "metadata": "Standard list metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", "items": "List of ComponentStatus objects.", } diff --git a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go index 31f6e00b0f..871e4c8c46 100644 --- a/vendor/k8s.io/apimachinery/pkg/runtime/converter.go +++ b/vendor/k8s.io/apimachinery/pkg/runtime/converter.go @@ -31,7 +31,7 @@ import ( "k8s.io/apimachinery/pkg/conversion" "k8s.io/apimachinery/pkg/util/json" utilruntime "k8s.io/apimachinery/pkg/util/runtime" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/value" "k8s.io/klog/v2" ) diff --git a/vendor/k8s.io/apimachinery/pkg/util/net/http.go b/vendor/k8s.io/apimachinery/pkg/util/net/http.go index 406df25e0b..945886c438 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/net/http.go +++ b/vendor/k8s.io/apimachinery/pkg/util/net/http.go @@ -62,8 +62,11 @@ func JoinPreservingTrailingSlash(elem ...string) string { // IsTimeout returns true if the given error is a network timeout error func IsTimeout(err error) bool { - neterr, ok := err.(net.Error) - return ok && neterr != nil && neterr.Timeout() + var neterr net.Error + if errors.As(err, &neterr) { + return neterr != nil && neterr.Timeout() + } + return false } // IsProbableEOF returns true if the given error resembles a connection termination @@ -76,7 +79,8 @@ func IsProbableEOF(err error) bool { if err == nil { return false } - if uerr, ok := err.(*url.Error); ok { + var uerr *url.Error + if errors.As(err, &uerr) { err = uerr.Err } msg := err.Error() diff --git a/vendor/k8s.io/apimachinery/pkg/util/net/util.go b/vendor/k8s.io/apimachinery/pkg/util/net/util.go index 2e7cb94994..5950087e02 100644 --- a/vendor/k8s.io/apimachinery/pkg/util/net/util.go +++ b/vendor/k8s.io/apimachinery/pkg/util/net/util.go @@ -17,9 +17,8 @@ limitations under the License. package net import ( + "errors" "net" - "net/url" - "os" "reflect" "syscall" ) @@ -40,34 +39,18 @@ func IPNetEqual(ipnet1, ipnet2 *net.IPNet) bool { // Returns if the given err is "connection reset by peer" error. func IsConnectionReset(err error) bool { - if urlErr, ok := err.(*url.Error); ok { - err = urlErr.Err - } - if opErr, ok := err.(*net.OpError); ok { - err = opErr.Err - } - if osErr, ok := err.(*os.SyscallError); ok { - err = osErr.Err - } - if errno, ok := err.(syscall.Errno); ok && errno == syscall.ECONNRESET { - return true + var errno syscall.Errno + if errors.As(err, &errno) { + return errno == syscall.ECONNRESET } return false } // Returns if the given err is "connection refused" error func IsConnectionRefused(err error) bool { - if urlErr, ok := err.(*url.Error); ok { - err = urlErr.Err - } - if opErr, ok := err.(*net.OpError); ok { - err = opErr.Err - } - if osErr, ok := err.(*os.SyscallError); ok { - err = osErr.Err - } - if errno, ok := err.(syscall.Errno); ok && errno == syscall.ECONNREFUSED { - return true + var errno syscall.Errno + if errors.As(err, &errno) { + return errno == syscall.ECONNREFUSED } return false } diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/capmanagers.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/capmanagers.go index 8e92699532..ae91bf0b9e 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/capmanagers.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/capmanagers.go @@ -23,7 +23,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" ) type capManagersManager struct { diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/fieldmanager.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/fieldmanager.go index 77ce75ab29..2f6e5bd08c 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/fieldmanager.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/fieldmanager.go @@ -28,8 +28,8 @@ import ( "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal" "k8s.io/klog/v2" openapiproto "k8s.io/kube-openapi/pkg/util/proto" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" - "sigs.k8s.io/structured-merge-diff/v3/merge" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/merge" ) // DefaultMaxUpdateManagers defines the default maximum retained number of managedFields entries from updates diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/conflict.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/conflict.go index 2bc0d0ad8a..cfa19d8d9a 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/conflict.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/conflict.go @@ -25,8 +25,8 @@ import ( "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" - "sigs.k8s.io/structured-merge-diff/v3/merge" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/merge" ) // NewConflictError returns an error including details on the requests apply conflicts diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/fields.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/fields.go index 60117211a6..08186191a7 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/fields.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/fields.go @@ -21,7 +21,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" ) // EmptyFields represents a set with no paths diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/gvkparser.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/gvkparser.go index f917fcd435..5e2f82c750 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/gvkparser.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/gvkparser.go @@ -22,7 +22,7 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/kube-openapi/pkg/schemaconv" "k8s.io/kube-openapi/pkg/util/proto" - "sigs.k8s.io/structured-merge-diff/v3/typed" + "sigs.k8s.io/structured-merge-diff/v4/typed" ) // groupVersionKindExtensionKey is the key used to lookup the diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/managedfields.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/managedfields.go index c5434b101e..9a625e2acf 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/managedfields.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/managedfields.go @@ -24,7 +24,7 @@ import ( "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" ) // ManagedInterface groups a fieldpath.ManagedFields together with the timestamps associated with each operation. diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/pathelement.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/pathelement.go index 393420a70b..1954d65d32 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/pathelement.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/pathelement.go @@ -23,8 +23,8 @@ import ( "strconv" "strings" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/value" ) const ( diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/typeconverter.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/typeconverter.go index 7b87009a16..6669665dde 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/typeconverter.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/typeconverter.go @@ -23,8 +23,8 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/kube-openapi/pkg/util/proto" - "sigs.k8s.io/structured-merge-diff/v3/typed" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/typed" + "sigs.k8s.io/structured-merge-diff/v4/value" ) // TypeConverter allows you to convert from runtime.Object to diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/versionconverter.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/versionconverter.go index 15628b0275..fc59f2f0ef 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/versionconverter.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal/versionconverter.go @@ -19,9 +19,9 @@ package internal import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" - "sigs.k8s.io/structured-merge-diff/v3/merge" - "sigs.k8s.io/structured-merge-diff/v3/typed" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/merge" + "sigs.k8s.io/structured-merge-diff/v4/typed" ) // versionConverter is an implementation of diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/lastappliedmanager.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/lastappliedmanager.go index 2fb54d9e11..7c4079a6e6 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/lastappliedmanager.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/lastappliedmanager.go @@ -26,8 +26,8 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" - "sigs.k8s.io/structured-merge-diff/v3/merge" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/merge" ) type lastAppliedManager struct { diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/managedfieldsupdater.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/managedfieldsupdater.go index a015e002ae..b3ecd63933 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/managedfieldsupdater.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/managedfieldsupdater.go @@ -21,7 +21,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" ) type managedFieldsUpdater struct { diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/stripmeta.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/stripmeta.go index fc8ee9b583..1460d9c802 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/stripmeta.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/stripmeta.go @@ -20,7 +20,7 @@ import ( "fmt" "k8s.io/apimachinery/pkg/runtime" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" ) type stripMetaManager struct { diff --git a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/structuredmerge.go b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/structuredmerge.go index 2cab9b311e..a4761d3acd 100644 --- a/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/structuredmerge.go +++ b/vendor/k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/structuredmerge.go @@ -24,8 +24,8 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apiserver/pkg/endpoints/handlers/fieldmanager/internal" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" - "sigs.k8s.io/structured-merge-diff/v3/merge" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/merge" ) type structuredMergeManager struct { diff --git a/vendor/k8s.io/apiserver/pkg/server/config.go b/vendor/k8s.io/apiserver/pkg/server/config.go index d9bfc8a706..9699177ff2 100644 --- a/vendor/k8s.io/apiserver/pkg/server/config.go +++ b/vendor/k8s.io/apiserver/pkg/server/config.go @@ -614,11 +614,11 @@ func (c completedConfig) New(name string, delegationTarget DelegationTarget) (*G if err != nil { return nil, err } - // TODO: Once we get rid of /healthz consider changing this to post-start-hook. - err = s.addReadyzChecks(healthz.NewInformerSyncHealthz(c.SharedInformerFactory)) - if err != nil { - return nil, err - } + } + // TODO: Once we get rid of /healthz consider changing this to post-start-hook. + err := s.addReadyzChecks(healthz.NewInformerSyncHealthz(c.SharedInformerFactory)) + if err != nil { + return nil, err } } @@ -626,6 +626,7 @@ func (c completedConfig) New(name string, delegationTarget DelegationTarget) (*G if s.isPostStartHookRegistered(priorityAndFairnessConfigConsumerHookName) { } else if c.FlowControl != nil { err := s.AddPostStartHook(priorityAndFairnessConfigConsumerHookName, func(context PostStartHookContext) error { + go c.FlowControl.MaintainObservations(context.StopCh) go c.FlowControl.Run(context.StopCh) return nil }) diff --git a/vendor/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go b/vendor/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go index 224f371374..339b1e2c59 100644 --- a/vendor/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go +++ b/vendor/k8s.io/apiserver/pkg/server/filters/priority-and-fairness.go @@ -144,6 +144,7 @@ func WithPriorityAndFairness( } }, execute) if !served { + epmetrics.RecordRequestTermination(r, requestInfo, epmetrics.APIServerComponent, http.StatusTooManyRequests) tooManyRequests(r, w) } diff --git a/vendor/k8s.io/apiserver/pkg/server/healthz/healthz.go b/vendor/k8s.io/apiserver/pkg/server/healthz/healthz.go index f22bbfcada..b2d0007f54 100644 --- a/vendor/k8s.io/apiserver/pkg/server/healthz/healthz.go +++ b/vendor/k8s.io/apiserver/pkg/server/healthz/healthz.go @@ -20,6 +20,7 @@ import ( "bytes" "fmt" "net/http" + "reflect" "strings" "sync" "sync/atomic" @@ -29,7 +30,6 @@ import ( "k8s.io/apimachinery/pkg/util/wait" "k8s.io/apiserver/pkg/endpoints/metrics" "k8s.io/apiserver/pkg/server/httplog" - "k8s.io/client-go/informers" "k8s.io/klog/v2" ) @@ -82,16 +82,20 @@ func (l *log) Check(_ *http.Request) error { return fmt.Errorf("logging blocked") } +type cacheSyncWaiter interface { + WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool +} + type informerSync struct { - sharedInformerFactory informers.SharedInformerFactory + cacheSyncWaiter cacheSyncWaiter } var _ HealthChecker = &informerSync{} -// NewInformerSyncHealthz returns a new HealthChecker that will pass only if all informers in the given sharedInformerFactory sync. -func NewInformerSyncHealthz(sharedInformerFactory informers.SharedInformerFactory) HealthChecker { +// NewInformerSyncHealthz returns a new HealthChecker that will pass only if all informers in the given cacheSyncWaiter sync. +func NewInformerSyncHealthz(cacheSyncWaiter cacheSyncWaiter) HealthChecker { return &informerSync{ - sharedInformerFactory: sharedInformerFactory, + cacheSyncWaiter: cacheSyncWaiter, } } @@ -104,8 +108,8 @@ func (i *informerSync) Check(_ *http.Request) error { // Close stopCh to force checking if informers are synced now. close(stopCh) - var informersByStarted map[bool][]string - for informerType, started := range i.sharedInformerFactory.WaitForCacheSync(stopCh) { + informersByStarted := make(map[bool][]string) + for informerType, started := range i.cacheSyncWaiter.WaitForCacheSync(stopCh) { informersByStarted[started] = append(informersByStarted[started], informerType.String()) } diff --git a/vendor/k8s.io/apiserver/pkg/storage/etcd3/store.go b/vendor/k8s.io/apiserver/pkg/storage/etcd3/store.go index 812cfc69c6..14643dad91 100644 --- a/vendor/k8s.io/apiserver/pkg/storage/etcd3/store.go +++ b/vendor/k8s.io/apiserver/pkg/storage/etcd3/store.go @@ -572,7 +572,7 @@ func (s *store) List(ctx context.Context, key string, opts storage.ListOptions, fromRV = &parsedRV } - var returnedRV, continueRV int64 + var returnedRV, continueRV, withRev int64 var continueKey string switch { case s.pagingEnabled && len(pred.Continue) > 0: @@ -593,7 +593,7 @@ func (s *store) List(ctx context.Context, key string, opts storage.ListOptions, // continueRV==0 is invalid. // If continueRV < 0, the request is for the latest resource version. if continueRV > 0 { - options = append(options, clientv3.WithRev(continueRV)) + withRev = continueRV returnedRV = continueRV } case s.pagingEnabled && pred.Limit > 0: @@ -604,11 +604,11 @@ func (s *store) List(ctx context.Context, key string, opts storage.ListOptions, // and returnedRV is then set to the revision we get from the etcd response. case metav1.ResourceVersionMatchExact: returnedRV = int64(*fromRV) - options = append(options, clientv3.WithRev(returnedRV)) + withRev = returnedRV case "": // legacy case if *fromRV > 0 { returnedRV = int64(*fromRV) - options = append(options, clientv3.WithRev(returnedRV)) + withRev = returnedRV } default: return fmt.Errorf("unknown ResourceVersionMatch value: %v", match) @@ -625,7 +625,7 @@ func (s *store) List(ctx context.Context, key string, opts storage.ListOptions, // and returnedRV is then set to the revision we get from the etcd response. case metav1.ResourceVersionMatchExact: returnedRV = int64(*fromRV) - options = append(options, clientv3.WithRev(returnedRV)) + withRev = returnedRV case "": // legacy case default: return fmt.Errorf("unknown ResourceVersionMatch value: %v", match) @@ -634,6 +634,9 @@ func (s *store) List(ctx context.Context, key string, opts storage.ListOptions, options = append(options, clientv3.WithPrefix()) } + if withRev != 0 { + options = append(options, clientv3.WithRev(withRev)) + } // loop until we have filled the requested limit from etcd or there are no more results var lastKey []byte @@ -695,6 +698,10 @@ func (s *store) List(ctx context.Context, key string, opts storage.ListOptions, break } key = string(lastKey) + "\x00" + if withRev == 0 { + withRev = returnedRV + options = append(options, clientv3.WithRev(withRev)) + } } // instruct the client to begin querying from immediately after the last key we returned diff --git a/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_controller.go b/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_controller.go index 91f3570234..50eb332721 100644 --- a/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_controller.go +++ b/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_controller.go @@ -227,6 +227,23 @@ func (cfgCtlr *configController) initializeConfigController(informerFactory kube }}) } +// MaintainObservations keeps the observers from +// metrics.PriorityLevelConcurrencyObserverPairGenerator from falling +// too far behind +func (cfgCtlr *configController) MaintainObservations(stopCh <-chan struct{}) { + wait.Until(cfgCtlr.updateObservations, 10*time.Second, stopCh) +} + +func (cfgCtlr *configController) updateObservations() { + cfgCtlr.lock.Lock() + defer cfgCtlr.lock.Unlock() + for _, plc := range cfgCtlr.priorityLevelStates { + if plc.queues != nil { + plc.queues.UpdateObservations() + } + } +} + func (cfgCtlr *configController) Run(stopCh <-chan struct{}) error { defer cfgCtlr.configQueue.ShutDown() klog.Info("Starting API Priority and Fairness config controller") diff --git a/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_controller_debug.go b/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_controller_debug.go index 04d4df7c73..b7c9164c2f 100644 --- a/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_controller_debug.go +++ b/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_controller_debug.go @@ -58,7 +58,7 @@ func (cfgCtlr *configController) dumpPriorityLevels(w http.ResponseWriter, r *ht "ExecutingRequests", // 6 } tabPrint(tabWriter, rowForHeaders(columnHeaders)) - endline(tabWriter) + endLine(tabWriter) for _, plState := range cfgCtlr.priorityLevelStates { if plState.queues == nil { tabPrint(tabWriter, row( @@ -69,7 +69,7 @@ func (cfgCtlr *configController) dumpPriorityLevels(w http.ResponseWriter, r *ht "", // 5 "", // 6 )) - endline(tabWriter) + endLine(tabWriter) continue } queueSetDigest := plState.queues.Dump(false) @@ -88,7 +88,7 @@ func (cfgCtlr *configController) dumpPriorityLevels(w http.ResponseWriter, r *ht queueSetDigest.Waiting, // 5 queueSetDigest.Executing, // 6 )) - endline(tabWriter) + endLine(tabWriter) } runtime.HandleError(tabWriter.Flush()) } @@ -105,7 +105,7 @@ func (cfgCtlr *configController) dumpQueues(w http.ResponseWriter, r *http.Reque "VirtualStart", // 5 } tabPrint(tabWriter, rowForHeaders(columnHeaders)) - endline(tabWriter) + endLine(tabWriter) for _, plState := range cfgCtlr.priorityLevelStates { if plState.queues == nil { tabPrint(tabWriter, row( @@ -115,7 +115,7 @@ func (cfgCtlr *configController) dumpQueues(w http.ResponseWriter, r *http.Reque "", // 4 "", // 5 )) - endline(tabWriter) + endLine(tabWriter) continue } queueSetDigest := plState.queues.Dump(false) @@ -127,7 +127,7 @@ func (cfgCtlr *configController) dumpQueues(w http.ResponseWriter, r *http.Reque q.ExecutingRequests, // 4 q.VirtualStart, // 5 )) - endline(tabWriter) + endLine(tabWriter) } } runtime.HandleError(tabWriter.Flush()) @@ -149,6 +149,7 @@ func (cfgCtlr *configController) dumpRequests(w http.ResponseWriter, r *http.Req "ArriveTime", // 6 })) if includeRequestDetails { + continueLine(tabWriter) tabPrint(tabWriter, rowForHeaders([]string{ "UserName", // 7 "Verb", // 8 @@ -160,7 +161,7 @@ func (cfgCtlr *configController) dumpRequests(w http.ResponseWriter, r *http.Req "SubResource", // 14 })) } - endline(tabWriter) + endLine(tabWriter) for _, plState := range cfgCtlr.priorityLevelStates { if plState.queues == nil { tabPrint(tabWriter, row( @@ -172,6 +173,7 @@ func (cfgCtlr *configController) dumpRequests(w http.ResponseWriter, r *http.Req "", // 6 )) if includeRequestDetails { + continueLine(tabWriter) tabPrint(tabWriter, row( "", // 7 "", // 8 @@ -183,7 +185,7 @@ func (cfgCtlr *configController) dumpRequests(w http.ResponseWriter, r *http.Req "", // 14 )) } - endline(tabWriter) + endLine(tabWriter) continue } queueSetDigest := plState.queues.Dump(includeRequestDetails) @@ -198,6 +200,7 @@ func (cfgCtlr *configController) dumpRequests(w http.ResponseWriter, r *http.Req r.ArriveTime, // 6 )) if includeRequestDetails { + continueLine(tabWriter) tabPrint(tabWriter, rowForRequestDetails( r.UserName, // 7 r.RequestInfo.Verb, // 8 @@ -212,7 +215,7 @@ func (cfgCtlr *configController) dumpRequests(w http.ResponseWriter, r *http.Req r.RequestInfo.Subresource, // 14 )) } - endline(tabWriter) + endLine(tabWriter) } } } @@ -223,7 +226,12 @@ func tabPrint(w io.Writer, row string) { _, err := fmt.Fprint(w, row) runtime.HandleError(err) } -func endline(w io.Writer) { + +func continueLine(w io.Writer) { + _, err := fmt.Fprint(w, ",\t") + runtime.HandleError(err) +} +func endLine(w io.Writer) { _, err := fmt.Fprint(w, "\n") runtime.HandleError(err) } @@ -269,9 +277,14 @@ func rowForRequestDetails(username, verb, path, namespace, name, apiVersion, res username, verb, path, + namespace, + name, + apiVersion, + resource, + subResource, ) } func row(columns ...string) string { - return strings.Join(columns, ",\t") + ",\t" + return strings.Join(columns, ",\t") } diff --git a/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_filter.go b/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_filter.go index 99c36005be..5b8c039168 100644 --- a/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_filter.go +++ b/vendor/k8s.io/apiserver/pkg/util/flowcontrol/apf_filter.go @@ -38,10 +38,13 @@ import ( type Interface interface { // Handle takes care of queuing and dispatching a request // characterized by the given digest. The given `noteFn` will be - // invoked with the results of request classification. If Handle - // decides that the request should be executed then `execute()` - // will be invoked once to execute the request; otherwise - // `execute()` will not be invoked. + // invoked with the results of request classification. If the + // request is queued then `queueNoteFn` will be called twice, + // first with `true` and then with `false`; otherwise + // `queueNoteFn` will not be called at all. If Handle decides + // that the request should be executed then `execute()` will be + // invoked once to execute the request; otherwise `execute()` will + // not be invoked. Handle(ctx context.Context, requestDigest RequestDigest, noteFn func(fs *fctypesv1a1.FlowSchema, pl *fctypesv1a1.PriorityLevelConfiguration), @@ -49,6 +52,9 @@ type Interface interface { execFn func(), ) + // MaintainObservations is a helper for maintaining statistics. + MaintainObservations(stopCh <-chan struct{}) + // Run monitors config objects from the main apiservers and causes // any needed changes to local behavior. This method ceases // activity and returns after the given channel is closed. diff --git a/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/interface.go b/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/interface.go index e0b628ecd0..882a505c81 100644 --- a/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/interface.go +++ b/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/interface.go @@ -82,6 +82,10 @@ type QueueSet interface { // exactly once. StartRequest(ctx context.Context, hashValue uint64, flowDistinguisher, fsName string, descr1, descr2 interface{}, queueNoteFn QueueNoteFn) (req Request, idle bool) + // UpdateObservations makes sure any time-based statistics have + // caught up with the current clock reading + UpdateObservations() + // Dump saves and returns the instant internal state of the queue-set. // Note that dumping process will stop the queue-set from proceeding // any requests. diff --git a/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/queueset.go b/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/queueset.go index adcb56d856..b469a4ac57 100644 --- a/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/queueset.go +++ b/vendor/k8s.io/apiserver/pkg/util/flowcontrol/fairqueuing/queueset/queueset.go @@ -743,6 +743,11 @@ func (qs *queueSet) goroutineDoneOrBlocked() { qs.counter.Add(-1) } +func (qs *queueSet) UpdateObservations() { + qs.obsPair.RequestsWaiting.Add(0) + qs.obsPair.RequestsExecuting.Add(0) +} + func (qs *queueSet) Dump(includeRequestDetails bool) debug.QueueSetDump { qs.lock.Lock() defer qs.lock.Unlock() diff --git a/vendor/k8s.io/client-go/util/jsonpath/parser.go b/vendor/k8s.io/client-go/util/jsonpath/parser.go index e1aab6804f..b84016a9f9 100644 --- a/vendor/k8s.io/client-go/util/jsonpath/parser.go +++ b/vendor/k8s.io/client-go/util/jsonpath/parser.go @@ -214,8 +214,11 @@ func (p *Parser) parseIdentifier(cur *ListNode) error { return p.parseInsideAction(cur) } -// parseRecursive scans the recursive desent operator .. +// parseRecursive scans the recursive descent operator .. func (p *Parser) parseRecursive(cur *ListNode) error { + if lastIndex := len(cur.Nodes) - 1; lastIndex >= 0 && cur.Nodes[lastIndex].Type() == NodeRecursive { + return fmt.Errorf("invalid multiple recursive descent") + } p.pos += len("..") p.consumeText() cur.append(newRecursive()) diff --git a/vendor/k8s.io/klog/v2/klog.go b/vendor/k8s.io/klog/v2/klog.go index ae2b861382..49f1f2dd2d 100644 --- a/vendor/k8s.io/klog/v2/klog.go +++ b/vendor/k8s.io/klog/v2/klog.go @@ -1324,14 +1324,21 @@ func (v Verbose) InfoS(msg string, keysAndValues ...interface{}) { } } -// Error is equivalent to the global Error function, guarded by the value of v. -// See the documentation of V for usage. +// Deprecated: Use ErrorS instead. func (v Verbose) Error(err error, msg string, args ...interface{}) { if v.enabled { logging.errorS(err, v.logr, msg, args...) } } +// ErrorS is equivalent to the global Error function, guarded by the value of v. +// See the documentation of V for usage. +func (v Verbose) ErrorS(err error, msg string, keysAndValues ...interface{}) { + if v.enabled { + logging.errorS(err, v.logr, msg, keysAndValues...) + } +} + // Info logs to the INFO log. // Arguments are handled in the manner of fmt.Print; a newline is appended if missing. func Info(args ...interface{}) { diff --git a/vendor/k8s.io/kube-openapi/pkg/schemaconv/smd.go b/vendor/k8s.io/kube-openapi/pkg/schemaconv/smd.go index c51239c28a..1e9c037375 100644 --- a/vendor/k8s.io/kube-openapi/pkg/schemaconv/smd.go +++ b/vendor/k8s.io/kube-openapi/pkg/schemaconv/smd.go @@ -24,7 +24,7 @@ import ( "strings" "k8s.io/kube-openapi/pkg/util/proto" - "sigs.k8s.io/structured-merge-diff/v3/schema" + "sigs.k8s.io/structured-merge-diff/v4/schema" ) // ToSchema converts openapi definitions into a schema suitable for structured @@ -263,7 +263,7 @@ func makeUnion(extensions map[string]interface{}) (schema.Union, error) { return schema.Union{}, fmt.Errorf(`"fields-to-discriminateBy"/%v: value must be a string, got: %#v`, field, value) } union.Fields = append(union.Fields, schema.UnionField{ - FieldName: field, + FieldName: field, DiscriminatorValue: discriminated, }) diff --git a/vendor/k8s.io/utils/trace/trace.go b/vendor/k8s.io/utils/trace/trace.go index 7ae41672e1..2af4967ca0 100644 --- a/vendor/k8s.io/utils/trace/trace.go +++ b/vendor/k8s.io/utils/trace/trace.go @@ -197,7 +197,7 @@ func (t *Trace) logTrace() { } // if any step took more than it's share of the total allowed time, it deserves a higher log level - buffer.WriteString(fmt.Sprintf("(%v) (total time: %vms):", t.startTime.Format("02-Jan-2006 15:04:00.000"), totalTime.Milliseconds())) + buffer.WriteString(fmt.Sprintf("(%v) (total time: %vms):", t.startTime.Format("02-Jan-2006 15:04:05.000"), totalTime.Milliseconds())) stepThreshold := t.calculateStepThreshold() t.writeTraceSteps(&buffer, fmt.Sprintf("\nTrace[%d]: ", traceNum), stepThreshold) buffer.WriteString(fmt.Sprintf("\nTrace[%d]: [%v] [%v] END\n", traceNum, t.endTime.Sub(t.startTime), totalTime)) diff --git a/vendor/modules.txt b/vendor/modules.txt index 4c1dfa7bb3..93daa48dca 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -87,7 +87,7 @@ github.com/docker/libtrust # github.com/emicklei/go-restful v2.9.5+incompatible github.com/emicklei/go-restful github.com/emicklei/go-restful/log -# github.com/evanphx/json-patch v4.2.0+incompatible +# github.com/evanphx/json-patch v4.9.0+incompatible github.com/evanphx/json-patch # github.com/fsouza/go-dockerclient v0.0.0-20171004212419-da3951ba2e9e github.com/fsouza/go-dockerclient @@ -209,7 +209,7 @@ github.com/opencontainers/image-spec/specs-go/v1 # github.com/opencontainers/runc v0.0.0-20191031171055-b133feaeeb2e github.com/opencontainers/runc/libcontainer/system github.com/opencontainers/runc/libcontainer/user -# github.com/openshift/api v0.0.0-20200723134351-89de68875e7c +# github.com/openshift/api v0.0.0-20200827090112-c05698d102cf github.com/openshift/api github.com/openshift/api/apps github.com/openshift/api/apps/v1 @@ -219,6 +219,8 @@ github.com/openshift/api/build github.com/openshift/api/build/v1 github.com/openshift/api/config github.com/openshift/api/config/v1 +github.com/openshift/api/helm +github.com/openshift/api/helm/v1beta1 github.com/openshift/api/image github.com/openshift/api/image/docker10 github.com/openshift/api/image/dockerpre012 @@ -259,7 +261,7 @@ github.com/openshift/api/template/v1 github.com/openshift/api/unidling/v1alpha1 github.com/openshift/api/user github.com/openshift/api/user/v1 -# github.com/openshift/build-machinery-go v0.0.0-20200713135615-1f43d26dccc7 +# github.com/openshift/build-machinery-go v0.0.0-20200819073603-48aa266c95f7 github.com/openshift/build-machinery-go github.com/openshift/build-machinery-go/make github.com/openshift/build-machinery-go/make/lib @@ -268,7 +270,7 @@ github.com/openshift/build-machinery-go/make/targets/golang github.com/openshift/build-machinery-go/make/targets/openshift github.com/openshift/build-machinery-go/make/targets/openshift/operator github.com/openshift/build-machinery-go/scripts -# github.com/openshift/client-go v0.0.0-20200722173614-5a1b0aaeff15 +# github.com/openshift/client-go v0.0.0-20200827190008-3062137373b5 github.com/openshift/client-go/apps/clientset/versioned/scheme github.com/openshift/client-go/apps/clientset/versioned/typed/apps/v1 github.com/openshift/client-go/config/clientset/versioned @@ -334,7 +336,7 @@ github.com/spf13/pflag # github.com/stretchr/testify v1.4.0 github.com/stretchr/testify/assert github.com/stretchr/testify/require -# go.etcd.io/etcd v0.5.0-alpha.5.0.20200716221620-18dfb9cca345 +# go.etcd.io/etcd v0.5.0-alpha.5.0.20200819165624-17cef6e3e9d5 go.etcd.io/etcd/auth/authpb go.etcd.io/etcd/clientv3 go.etcd.io/etcd/clientv3/balancer @@ -368,7 +370,7 @@ go.uber.org/zap/internal/bufferpool go.uber.org/zap/internal/color go.uber.org/zap/internal/exit go.uber.org/zap/zapcore -# golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975 +# golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 golang.org/x/crypto/bcrypt golang.org/x/crypto/blowfish golang.org/x/crypto/cast5 @@ -385,7 +387,7 @@ golang.org/x/crypto/openpgp/s2k golang.org/x/crypto/poly1305 golang.org/x/crypto/salsa20/salsa golang.org/x/crypto/ssh/terminal -# golang.org/x/net v0.0.0-20200602114024-627f9648deb9 +# golang.org/x/net v0.0.0-20200707034311-ab3426394381 golang.org/x/net/context golang.org/x/net/context/ctxhttp golang.org/x/net/http/httpguts @@ -414,7 +416,7 @@ golang.org/x/text/unicode/norm golang.org/x/text/width # golang.org/x/time v0.0.0-20191024005414-555d28b269f0 golang.org/x/time/rate -# golang.org/x/tools v0.0.0-20200602230032-c00d67ef29d0 +# golang.org/x/tools v0.0.0-20200616133436-c1934b75d054 golang.org/x/tools/container/intsets # google.golang.org/appengine v1.6.5 google.golang.org/appengine/internal @@ -506,7 +508,7 @@ gopkg.in/ldap.v2 gopkg.in/natefinch/lumberjack.v2 # gopkg.in/yaml.v2 v2.3.0 gopkg.in/yaml.v2 -# k8s.io/api v0.19.0-rc.2 +# k8s.io/api v0.19.0 k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 k8s.io/api/admissionregistration/v1 @@ -551,7 +553,7 @@ k8s.io/api/settings/v1alpha1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.19.0-rc.2 +# k8s.io/apiextensions-apiserver v0.19.0 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1 @@ -559,7 +561,7 @@ k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/scheme k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1 k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1 -# k8s.io/apimachinery v0.19.0-rc.2 +# k8s.io/apimachinery v0.19.0 k8s.io/apimachinery/pkg/api/apitesting k8s.io/apimachinery/pkg/api/equality k8s.io/apimachinery/pkg/api/errors @@ -613,7 +615,7 @@ k8s.io/apimachinery/pkg/version k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.19.0-rc.2 +# k8s.io/apiserver v0.19.0 k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/configuration k8s.io/apiserver/pkg/admission/initializer @@ -734,7 +736,7 @@ k8s.io/apiserver/plugin/pkg/audit/truncate k8s.io/apiserver/plugin/pkg/audit/webhook k8s.io/apiserver/plugin/pkg/authenticator/token/webhook k8s.io/apiserver/plugin/pkg/authorizer/webhook -# k8s.io/client-go v0.19.0-rc.2 +# k8s.io/client-go v0.19.0 k8s.io/client-go/discovery k8s.io/client-go/discovery/fake k8s.io/client-go/dynamic @@ -963,7 +965,7 @@ k8s.io/client-go/util/jsonpath k8s.io/client-go/util/keyutil k8s.io/client-go/util/retry k8s.io/client-go/util/workqueue -# k8s.io/component-base v0.19.0-rc.2 +# k8s.io/component-base v0.19.0 k8s.io/component-base/cli/flag k8s.io/component-base/featuregate k8s.io/component-base/logs @@ -972,9 +974,9 @@ k8s.io/component-base/metrics k8s.io/component-base/metrics/legacyregistry k8s.io/component-base/metrics/testutil k8s.io/component-base/version -# k8s.io/klog/v2 v2.2.0 +# k8s.io/klog/v2 v2.3.0 k8s.io/klog/v2 -# k8s.io/kube-aggregator v0.19.0-rc.2 +# k8s.io/kube-aggregator v0.19.0 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/v1 k8s.io/kube-aggregator/pkg/apis/apiregistration/v1beta1 @@ -992,14 +994,14 @@ k8s.io/kube-aggregator/pkg/client/informers/externalversions/apiregistration/v1b k8s.io/kube-aggregator/pkg/client/informers/externalversions/internalinterfaces k8s.io/kube-aggregator/pkg/client/listers/apiregistration/v1 k8s.io/kube-aggregator/pkg/client/listers/apiregistration/v1beta1 -# k8s.io/kube-openapi v0.0.0-20200427153329-656914f816f9 +# k8s.io/kube-openapi v0.0.0-20200805222855-6aeccd4b50c6 k8s.io/kube-openapi/pkg/builder k8s.io/kube-openapi/pkg/common k8s.io/kube-openapi/pkg/handler k8s.io/kube-openapi/pkg/schemaconv k8s.io/kube-openapi/pkg/util k8s.io/kube-openapi/pkg/util/proto -# k8s.io/utils v0.0.0-20200720150651-0bdb4ca86cbc +# k8s.io/utils v0.0.0-20200729134348-d5654de09c73 k8s.io/utils/buffer k8s.io/utils/diff k8s.io/utils/field @@ -1011,12 +1013,12 @@ k8s.io/utils/trace # sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.9 sigs.k8s.io/apiserver-network-proxy/konnectivity-client/pkg/client sigs.k8s.io/apiserver-network-proxy/konnectivity-client/proto/client -# sigs.k8s.io/structured-merge-diff/v3 v3.0.1-0.20200706213357-43c19bbb7fba -sigs.k8s.io/structured-merge-diff/v3/fieldpath -sigs.k8s.io/structured-merge-diff/v3/merge -sigs.k8s.io/structured-merge-diff/v3/schema -sigs.k8s.io/structured-merge-diff/v3/typed -sigs.k8s.io/structured-merge-diff/v3/value +# sigs.k8s.io/structured-merge-diff/v4 v4.0.1 +sigs.k8s.io/structured-merge-diff/v4/fieldpath +sigs.k8s.io/structured-merge-diff/v4/merge +sigs.k8s.io/structured-merge-diff/v4/schema +sigs.k8s.io/structured-merge-diff/v4/typed +sigs.k8s.io/structured-merge-diff/v4/value # sigs.k8s.io/yaml v1.2.0 sigs.k8s.io/yaml # vbom.ml/util v0.0.0-20180919145318-efcd4e0f9787 diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/LICENSE b/vendor/sigs.k8s.io/structured-merge-diff/v4/LICENSE similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/LICENSE rename to vendor/sigs.k8s.io/structured-merge-diff/v4/LICENSE diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/doc.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/doc.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/doc.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/doc.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/element.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/element.go similarity index 99% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/element.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/element.go index 1b4872b86c..1578f64c04 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/element.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/element.go @@ -21,7 +21,7 @@ import ( "sort" "strings" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/value" ) // PathElement describes how to select a child field given a containing object. diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/fromvalue.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/fromvalue.go similarity index 98% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/fromvalue.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/fromvalue.go index 36b2d4a916..20775ee022 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/fromvalue.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/fromvalue.go @@ -17,7 +17,7 @@ limitations under the License. package fieldpath import ( - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/value" ) // SetFromValue creates a set containing every leaf field mentioned in v. diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/managers.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/managers.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/managers.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/managers.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/path.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/path.go similarity index 98% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/path.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/path.go index cc7fb9c675..0413130bd1 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/path.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/path.go @@ -20,7 +20,7 @@ import ( "fmt" "strings" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/value" ) // Path describes how to select a potentially deeply-nested child field given a diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/pathelementmap.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/pathelementmap.go similarity index 98% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/pathelementmap.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/pathelementmap.go index fc8a1ff3fd..9b14ca581b 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/pathelementmap.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/pathelementmap.go @@ -19,7 +19,7 @@ package fieldpath import ( "sort" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/value" ) // PathElementValueMap is a map from PathElement to value.Value. diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/serialize-pe.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/serialize-pe.go similarity index 99% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/serialize-pe.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/serialize-pe.go index fcb6b2fc96..cb18e7b1ca 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/serialize-pe.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/serialize-pe.go @@ -24,7 +24,7 @@ import ( "strings" jsoniter "github.com/json-iterator/go" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/value" ) var ErrUnknownPathElementType = errors.New("unknown path element type") diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/serialize.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/serialize.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/serialize.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/serialize.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/set.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/set.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/fieldpath/set.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/fieldpath/set.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/merge/conflict.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go similarity index 98% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/merge/conflict.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go index 88cb1417df..75a492d8ea 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/merge/conflict.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/conflict.go @@ -21,7 +21,7 @@ import ( "sort" "strings" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" ) // Conflict is a conflict on a specific field with the current manager of diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/merge/update.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go similarity index 99% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/merge/update.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go index 7b88cbd8ee..e648d8a270 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/merge/update.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/merge/update.go @@ -16,8 +16,8 @@ package merge import ( "fmt" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" - "sigs.k8s.io/structured-merge-diff/v3/typed" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/typed" ) // Converter is an interface to the conversion logic. The converter diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/schema/doc.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/doc.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/schema/doc.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/schema/doc.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/schema/elements.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/schema/elements.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/schema/elements.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/schema/equals.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/equals.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/schema/equals.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/schema/equals.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/schema/schemaschema.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/schema/schemaschema.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/schema/schemaschema.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/doc.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/doc.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/typed/doc.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/typed/doc.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/helpers.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/helpers.go similarity index 97% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/typed/helpers.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/typed/helpers.go index 0834f4d327..9b6845e8da 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/helpers.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/helpers.go @@ -21,9 +21,9 @@ import ( "fmt" "strings" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" - "sigs.k8s.io/structured-merge-diff/v3/schema" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/schema" + "sigs.k8s.io/structured-merge-diff/v4/value" ) // ValidationError reports an error about a particular field diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/merge.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go similarity index 98% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/typed/merge.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go index e9573cc231..5112e2536f 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/merge.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/merge.go @@ -19,9 +19,9 @@ package typed import ( "math" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" - "sigs.k8s.io/structured-merge-diff/v3/schema" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/schema" + "sigs.k8s.io/structured-merge-diff/v4/value" ) type mergingWalker struct { diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/parser.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/parser.go similarity index 98% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/typed/parser.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/typed/parser.go index 845fdfe4ec..3949a78fc6 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/parser.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/parser.go @@ -20,8 +20,8 @@ import ( "fmt" yaml "gopkg.in/yaml.v2" - "sigs.k8s.io/structured-merge-diff/v3/schema" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/schema" + "sigs.k8s.io/structured-merge-diff/v4/value" ) // YAMLObject is an object encoded in YAML. diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/remove.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/remove.go similarity index 95% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/typed/remove.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/typed/remove.go index cfa6365ac7..a281195301 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/remove.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/remove.go @@ -14,9 +14,9 @@ limitations under the License. package typed import ( - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" - "sigs.k8s.io/structured-merge-diff/v3/schema" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/schema" + "sigs.k8s.io/structured-merge-diff/v4/value" ) type removingWalker struct { diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/tofieldset.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/tofieldset.go similarity index 96% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/typed/tofieldset.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/typed/tofieldset.go index b3c4ff0021..0662d0f0a8 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/tofieldset.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/tofieldset.go @@ -19,9 +19,9 @@ package typed import ( "sync" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" - "sigs.k8s.io/structured-merge-diff/v3/schema" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/schema" + "sigs.k8s.io/structured-merge-diff/v4/value" ) var tPool = sync.Pool{ diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/typed.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go similarity index 98% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/typed/typed.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go index 056a07dee0..1a99159a6e 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/typed.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/typed.go @@ -21,9 +21,9 @@ import ( "strings" "sync" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" - "sigs.k8s.io/structured-merge-diff/v3/schema" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/schema" + "sigs.k8s.io/structured-merge-diff/v4/value" ) // AsTyped accepts a value and a type and returns a TypedValue. 'v' must have diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/union.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/union.go similarity index 98% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/typed/union.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/typed/union.go index 26526cb875..1fa5d88ae6 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/union.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/union.go @@ -20,8 +20,8 @@ import ( "fmt" "strings" - "sigs.k8s.io/structured-merge-diff/v3/schema" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/schema" + "sigs.k8s.io/structured-merge-diff/v4/value" ) func normalizeUnions(w *mergingWalker) error { diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/validate.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go similarity index 97% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/typed/validate.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go index 5c5a1cb64e..a2f8f4eff1 100644 --- a/vendor/sigs.k8s.io/structured-merge-diff/v3/typed/validate.go +++ b/vendor/sigs.k8s.io/structured-merge-diff/v4/typed/validate.go @@ -19,9 +19,9 @@ package typed import ( "sync" - "sigs.k8s.io/structured-merge-diff/v3/fieldpath" - "sigs.k8s.io/structured-merge-diff/v3/schema" - "sigs.k8s.io/structured-merge-diff/v3/value" + "sigs.k8s.io/structured-merge-diff/v4/fieldpath" + "sigs.k8s.io/structured-merge-diff/v4/schema" + "sigs.k8s.io/structured-merge-diff/v4/value" ) var vPool = sync.Pool{ diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/allocator.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/allocator.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/allocator.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/allocator.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/doc.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/doc.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/doc.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/doc.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/fields.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/fields.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/fields.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/fields.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/jsontagutil.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/jsontagutil.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/jsontagutil.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/jsontagutil.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/list.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/list.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/list.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/list.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/listreflect.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/listreflect.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/listreflect.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/listreflect.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/listunstructured.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/listunstructured.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/listunstructured.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/listunstructured.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/map.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/map.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/map.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/map.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/mapreflect.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/mapreflect.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapreflect.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/mapunstructured.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/mapunstructured.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/mapunstructured.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/reflectcache.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/reflectcache.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/reflectcache.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/scalar.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/scalar.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/scalar.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/scalar.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/structreflect.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/structreflect.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/structreflect.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/structreflect.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/value.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/value.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/value.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/value.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/valuereflect.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/valuereflect.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/valuereflect.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/valuereflect.go diff --git a/vendor/sigs.k8s.io/structured-merge-diff/v3/value/valueunstructured.go b/vendor/sigs.k8s.io/structured-merge-diff/v4/value/valueunstructured.go similarity index 100% rename from vendor/sigs.k8s.io/structured-merge-diff/v3/value/valueunstructured.go rename to vendor/sigs.k8s.io/structured-merge-diff/v4/value/valueunstructured.go From 07dff5478954ce9de31b7db0e00cbb4aa48d43f1 Mon Sep 17 00:00:00 2001 From: Maru Newby Date: Sun, 30 Aug 2020 10:22:29 -0700 Subject: [PATCH 2/2] Fix unit testing for golang 1.14 --- pkg/crypto/crypto.go | 46 ++++++++++--------- .../oauthclientregistry_test.go | 2 +- 2 files changed, 25 insertions(+), 23 deletions(-) diff --git a/pkg/crypto/crypto.go b/pkg/crypto/crypto.go index 77ef3df04e..03aa4d7672 100644 --- a/pkg/crypto/crypto.go +++ b/pkg/crypto/crypto.go @@ -120,28 +120,30 @@ var ciphersTLS13 = map[string]uint16{ } var ciphers = map[string]uint16{ - "TLS_RSA_WITH_RC4_128_SHA": tls.TLS_RSA_WITH_RC4_128_SHA, - "TLS_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, - "TLS_RSA_WITH_AES_128_CBC_SHA": tls.TLS_RSA_WITH_AES_128_CBC_SHA, - "TLS_RSA_WITH_AES_256_CBC_SHA": tls.TLS_RSA_WITH_AES_256_CBC_SHA, - "TLS_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_RSA_WITH_AES_128_CBC_SHA256, - "TLS_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_RSA_WITH_AES_128_GCM_SHA256, - "TLS_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_RSA_WITH_AES_256_GCM_SHA384, - "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA": tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - "TLS_ECDHE_RSA_WITH_RC4_128_SHA": tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, - "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, - "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, - "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, - "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, - "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, - "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, - "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, - "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, - "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, - "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + "TLS_RSA_WITH_RC4_128_SHA": tls.TLS_RSA_WITH_RC4_128_SHA, + "TLS_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_RSA_WITH_AES_128_CBC_SHA": tls.TLS_RSA_WITH_AES_128_CBC_SHA, + "TLS_RSA_WITH_AES_256_CBC_SHA": tls.TLS_RSA_WITH_AES_256_CBC_SHA, + "TLS_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_RSA_WITH_AES_128_CBC_SHA256, + "TLS_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_RSA_WITH_AES_128_GCM_SHA256, + "TLS_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_RSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA": tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, + "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA": tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, + "TLS_ECDHE_RSA_WITH_RC4_128_SHA": tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA, + "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA": tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, + "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256": tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384": tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, + "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, } // openSSLToIANACiphersMap maps OpenSSL cipher suite names to IANA names diff --git a/pkg/oauth/oauthserviceaccountclient/oauthclientregistry_test.go b/pkg/oauth/oauthserviceaccountclient/oauthclientregistry_test.go index d61a2f6ad1..13c8da362d 100644 --- a/pkg/oauth/oauthserviceaccountclient/oauthclientregistry_test.go +++ b/pkg/oauth/oauthserviceaccountclient/oauthclientregistry_test.go @@ -96,7 +96,7 @@ func TestGetClient(t *testing.T) { }), routeClient: routev1fake.NewSimpleClientset(), expectedErr: `system:serviceaccount:ns-01:default has no redirectURIs; set serviceaccounts.openshift.io/oauth-redirecturi.`, - expectedEventMsg: `Warning NoSAOAuthRedirectURIs [parse ::: missing protocol scheme, system:serviceaccount:ns-01:default has no redirectURIs; set serviceaccounts.openshift.io/oauth-redirecturi.= or create a dynamic URI using serviceaccounts.openshift.io/oauth-redirectreference.=]`, + expectedEventMsg: `Warning NoSAOAuthRedirectURIs [parse "::": missing protocol scheme, system:serviceaccount:ns-01:default has no redirectURIs; set serviceaccounts.openshift.io/oauth-redirecturi.= or create a dynamic URI using serviceaccounts.openshift.io/oauth-redirectreference.=]`, expectedKubeActions: []clientgotesting.Action{clientgotesting.NewGetAction(serviceAccountsResource, "ns-01", "default")}, expectedOSActions: []clientgotesting.Action{}, },