diff --git a/cmd/machine-config-operator/start.go b/cmd/machine-config-operator/start.go
index e467791792..19720bfc54 100644
--- a/cmd/machine-config-operator/start.go
+++ b/cmd/machine-config-operator/start.go
@@ -59,7 +59,7 @@ func runStartCmd(cmd *cobra.Command, args []string) {
 ctrlctx.NamespacedInformerFactory.Machineconfiguration().V1().MachineConfigs(),
 ctrlctx.NamespacedInformerFactory.Machineconfiguration().V1().ControllerConfigs(),
 ctrlctx.KubeNamespacedInformerFactory.Core().V1().ServiceAccounts(),
- ctrlctx.APIExtInformerFactory.Apiextensions().V1beta1().CustomResourceDefinitions(),
+ ctrlctx.APIExtInformerFactory.Apiextensions().V1().CustomResourceDefinitions(),
 ctrlctx.KubeNamespacedInformerFactory.Apps().V1().Deployments(),
 ctrlctx.KubeNamespacedInformerFactory.Apps().V1().DaemonSets(),
 ctrlctx.KubeNamespacedInformerFactory.Rbac().V1().ClusterRoles(),
diff --git a/docs/ContainerRuntimeConfigDesign.md b/docs/ContainerRuntimeConfigDesign.md
index 450fbb793d..4b6ddace09 100644
--- a/docs/ContainerRuntimeConfigDesign.md
+++ b/docs/ContainerRuntimeConfigDesign.md
@@ -27,7 +27,7 @@ Extend the Machine Config Operator to include a ContainerRuntimeConfig CRD and C
 ## CRD
 ```
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 name: containerruntimeconfigs.machineconfiguration.openshift.io
diff --git a/docs/KubeletConfigDesign.md b/docs/KubeletConfigDesign.md
index bfe5222a63..5b37b0a8cb 100644
--- a/docs/KubeletConfigDesign.md
+++ b/docs/KubeletConfigDesign.md
@@ -33,7 +33,7 @@ Extend the Machine Config Operator to include a KubetletConfig CRD and KubeletCo
 ## CRD
 ```
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 name: kubeletconfigs.machineconfiguration.openshift.io
diff --git a/examples/controllerconfig.crd.yaml b/examples/controllerconfig.crd.yaml
index 33daf4b96b..7ade2d9f62 100644
--- a/examples/controllerconfig.crd.yaml
+++ b/examples/controllerconfig.crd.yaml
@@ -1,4 +1,4 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 # name must match the spec fields below, and be in the form: .
diff --git a/examples/machineconfig.crd.yaml b/examples/machineconfig.crd.yaml
index abff272f9d..de9f77e799 100644
--- a/examples/machineconfig.crd.yaml
+++ b/examples/machineconfig.crd.yaml
@@ -1,4 +1,4 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 # name must match the spec fields below, and be in the form: .
diff --git a/examples/machineconfigpool.crd.yaml b/examples/machineconfigpool.crd.yaml
index 16b7d0c72a..2e929ed943 100644
--- a/examples/machineconfigpool.crd.yaml
+++ b/examples/machineconfigpool.crd.yaml
@@ -1,4 +1,4 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 # name must match the spec fields below, and be in the form: .
diff --git a/install/0000_80_machine-config-operator_01_containerruntimeconfig.crd.yaml b/install/0000_80_machine-config-operator_01_containerruntimeconfig.crd.yaml
index 06af83a91b..169bd1e128 100644
--- a/install/0000_80_machine-config-operator_01_containerruntimeconfig.crd.yaml
+++ b/install/0000_80_machine-config-operator_01_containerruntimeconfig.crd.yaml
@@ -1,4 +1,4 @@
-apiVersion: apiextensions.k8s.io/v1beta1
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
 name: containerruntimeconfigs.machineconfiguration.openshift.io
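Review bot: In examples/controllerconfig.crd.yaml only the `apiVersion` line is switched to `apiextensions.k8s.io/v1` (the same one-line change is made to examples/machineconfig.crd.yaml and examples/machineconfigpool.crd.yaml), while the install/ CRDs in this commit also had to drop the top-level `preserveUnknownFields`, move `subresources` under each version and replace `validation` with `versions[].schema.openAPIV3Schema`. The rest of each example file is outside the hunk, but if they still use the v1beta1 layout or carry no schema, the API server will refuse them, because v1 requires a structural schema for every version. Restructure the examples the same way as the install/ manifests, with `schema:` and `openAPIV3Schema:` nested under `- name: v1`, rather than bumping the version string alone.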
@@ -18,154 +18,153 @@ spec: shortNames: - ctrcfg scope: Cluster - preserveUnknownFields: false - subresources: - status: {} versions: - name: v1 served: true storage: true - "validation": - "openAPIV3Schema": - description: ContainerRuntimeConfig describes a customized Container Runtime - configuration. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ContainerRuntimeConfigSpec defines the desired state of ContainerRuntimeConfig - type: object - required: + subresources: + status: {} + schema: + openAPIV3Schema: + description: ContainerRuntimeConfig describes a customized Container Runtime + configuration. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ContainerRuntimeConfigSpec defines the desired state of ContainerRuntimeConfig + type: object + required: - containerRuntimeConfig - properties: - containerRuntimeConfig: - description: ContainerRuntimeConfiguration defines the tuneables of - the container runtime. It's important to note that, since the fields - of the ContainerRuntimeConfiguration are directly read by the - upstream kubernetes golang client, the validation of those values - is handled directly by that golang client which is outside of the - controller for ContainerRuntimeConfiguration. Please ensure - the valid values are used for those fields as invalid values - may render cluster nodes unusable. - type: object - properties: - logLevel: - description: logLevel specifies the verbosity of the logs based - on the level it is set to. Options are fatal, panic, error, warn, - info, and debug. - type: string - logSizeMax: - description: logSizeMax specifies the Maximum size allowed for the - container log file. Negative numbers indicate that no size limit - is imposed. If it is positive, it must be >= 8192 to match/exceed - conmon's read buffer. - type: string - overlaySize: - description: 'overlaySize specifies the maximum size of a container - image. This flag can be used to set quota on the size of container - images. (default: 10GB)' - type: string - pidsLimit: - description: pidsLimit specifies the maximum number of processes - allowed in a container - type: integer - format: int64 - machineConfigPoolSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. 
- type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - type: array - items: - type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - status: - description: ContainerRuntimeConfigStatus defines the observed state of - a ContainerRuntimeConfig - type: object - properties: - conditions: - description: conditions represents the latest available observations - of current state. - type: array - items: - description: ContainerRuntimeConfigCondition defines the state of - the ContainerRuntimeConfig + properties: + containerRuntimeConfig: + description: ContainerRuntimeConfiguration defines the tuneables of + the container runtime. 
It's important to note that, since the fields + of the ContainerRuntimeConfiguration are directly read by the upstream + kubernetes golang client, the validation of those values is handled + directly by that golang client which is outside of the controller + for ContainerRuntimeConfiguration. Please ensure the valid values + are used for those fields as invalid values may render cluster nodes + unusable. type: object properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status object. - type: string - format: date-time - nullable: true - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. - type: string - reason: - description: reason is the reason for the condition's last transition. Reasons - are PascalCase + logLevel: + description: logLevel specifies the verbosity of the logs based + on the level it is set to. Options are fatal, panic, error, warn, + info, and debug. type: string - status: - description: status of the condition, one of True, False, Unknown. + logSizeMax: + description: logSizeMax specifies the Maximum size allowed for the + container log file. Negative numbers indicate that no size limit + is imposed. If it is positive, it must be >= 8192 to match/exceed + conmon's read buffer. type: string - type: - description: type specifies the state of the operator's reconciliation - functionality. + overlaySize: + description: 'overlaySize specifies the maximum size of a container + image. This flag can be used to set quota on the size of container + images. (default: 10GB)' type: string - observedGeneration: - description: observedGeneration represents the generation observed by - the controller. 
- type: integer - format: int64 + pidsLimit: + description: pidsLimit specifies the maximum number of processes + allowed in a container + type: integer + format: int64 + machineConfigPoolSelector: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + additionalProperties: + type: string + status: + description: ContainerRuntimeConfigStatus defines the observed state of + a ContainerRuntimeConfig + type: object + properties: + conditions: + description: conditions represents the latest available observations + of current state. 
+ type: array + items: + description: ContainerRuntimeConfigCondition defines the state of + the ContainerRuntimeConfig + type: object + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + type: string + format: date-time + nullable: true + message: + description: message provides additional information about the + current condition. This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are PascalCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + observedGeneration: + description: observedGeneration represents the generation observed by + the controller. + type: integer + format: int64 diff --git a/install/0000_80_machine-config-operator_01_kubeletconfig.crd.yaml b/install/0000_80_machine-config-operator_01_kubeletconfig.crd.yaml index f1e680efd4..7722e06778 100644 --- a/install/0000_80_machine-config-operator_01_kubeletconfig.crd.yaml +++ b/install/0000_80_machine-config-operator_01_kubeletconfig.crd.yaml @@ -1,4 +1,4 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: kubeletconfigs.machineconfiguration.openshift.io 
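Review bot: `logLevel` under `spec.containerRuntimeConfig` remains a free-form `type: string` in the relocated v1 schema, although its description lists the only accepted values and the parent description warns that invalid values may render cluster nodes unusable. Since the schema is being re-homed under `versions[].schema.openAPIV3Schema` anyway, let the API server reject bad values at admission by adding `enum: [fatal, panic, error, warn, info, debug]` beneath `type: string`. `logSizeMax` and `overlaySize` are likewise unconstrained strings and could take a `pattern`. Before tightening, check whether existing objects store an explicit empty `logLevel`, since an enum would presumably make later updates to them fail validation.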
@@ -16,237 +16,234 @@ spec: plural: kubeletconfigs singular: kubeletconfig scope: Cluster - preserveUnknownFields: false - subresources: - status: {} versions: - name: v1 served: true storage: true - "validation": - "openAPIV3Schema": - description: KubeletConfig describes a customized Kubelet configuration. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KubeletConfigSpec defines the desired state of KubeletConfig - type: object - properties: - autoSizingReserved: - description: Automatically set optimal system reserved - type: boolean - tlsSecurityProfile: - description: "tlsSecurityProfile specifies settings for TLS connections - for ingresscontrollers. \n If unset, the default is based on the - apiservers.config.openshift.io/cluster resource. \n Note that when - using the Old, Intermediate, and Modern profile types, the effective - profile configuration is subject to change between releases. For - example, given a specification to use the Intermediate profile deployed - on release X.Y.Z, an upgrade to release X.Y.Z+1 may cause a new - profile configuration to be applied to the ingress controller, resulting - in a rollout. \n Note that the minimum TLS version for ingress controllers - is 1.1, and the maximum TLS version is 1.2. 
An implication of this - restriction is that the Modern TLS profile type cannot be used because - it requires TLS 1.3." - properties: - custom: - description: "custom is a user-defined TLS security profile. Be - extremely careful using a custom profile as invalid configurations - can be catastrophic. An example custom profile looks like this: - \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 - \ minTLSVersion: TLSv1.1" - nullable: true - properties: - ciphers: - description: "ciphers is used to specify the cipher algorithms - that are negotiated during the TLS handshake. Operators - may remove entries their operands do not support. For example, - to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" - items: - type: string - type: array - minTLSVersion: - description: "minTLSVersion is used to specify the minimal - version of the TLS protocol that is negotiated during the - TLS handshake. For example, to use TLS versions 1.1, 1.2 - and 1.3 (yaml): \n minTLSVersion: TLSv1.1 \n NOTE: currently - the highest minTLSVersion allowed is VersionTLS12" - enum: - - VersionTLS10 - - VersionTLS11 - - VersionTLS12 - - VersionTLS13 - type: string - type: object - intermediate: - description: "intermediate is a TLS security profile based on: - \n https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - \ minTLSVersion: TLSv1.2" - nullable: true - type: object - modern: - description: "modern is a TLS security profile based on: \n 
https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." - nullable: true - type: object - old: - description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility - \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 - \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 - \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 - \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 - \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 - \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 - \ - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 - \ - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - \ - ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - \ - ECDHE-RSA-AES256-SHA384 - ECDHE-ECDSA-AES256-SHA - \ - ECDHE-RSA-AES256-SHA - DHE-RSA-AES128-SHA256 - - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 - AES256-GCM-SHA384 - \ - AES128-SHA256 - AES256-SHA256 - AES128-SHA - - AES256-SHA - DES-CBC3-SHA minTLSVersion: TLSv1.0" - nullable: true - type: object - type: - description: "type is one of Old, Intermediate, Modern or Custom. - Custom provides the ability to specify individual TLS security - profile parameters. Old, Intermediate and Modern are TLS security - profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations - \n The profiles are intent based, so they may change over time - as new ciphers are developed and existing ciphers are found - to be insecure. Depending on precisely which ciphers are available - to a process, the list may be reduced. \n Note that the Modern - profile is currently not supported because it is not yet well - adopted by common software libraries." 
- enum: - - Old - - Intermediate - - Modern - - Custom - type: string - type: object - logLevel: - description: logLevel defines the log level of the Kubelet - type: integer - format: int64 - minimum: 1 - maximum: 10 - kubeletConfig: - description: The fields of the kubelet configuration are defined in - kubernetes upstream. Please refer to the types defined in the - version/commit used by OpenShift of the upstream kubernetes. - It's important to note that, since the fields of the kubelet - configuration are directly fetched from upstream the validation - of those values is handled directly by the kubelet. Please refer - to the upstream version of the relavent kubernetes for the - valid values of these fields. Invalid values of the kubelet - configuration fields may render cluster nodes unusable. - type: object - x-kubernetes-preserve-unknown-fields: true - machineConfigPoolSelector: - description: A label selector is a label query over a set of resources. - The result of matchLabels and matchExpressions are ANDed. An empty - label selector matches all objects. A null label selector matches - no objects. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator + subresources: + status: {} + schema: + openAPIV3Schema: + description: KubeletConfig describes a customized Kubelet configuration. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: KubeletConfigSpec defines the desired state of KubeletConfig + type: object + properties: + autoSizingReserved: + description: Automatically set optimal system reserved + type: boolean + tlsSecurityProfile: + description: "tlsSecurityProfile specifies settings for TLS connections + for ingresscontrollers. \n If unset, the default is based on the apiservers.config.openshift.io/cluster + resource. \n Note that when using the Old, Intermediate, and Modern + profile types, the effective profile configuration is subject to change + between releases. For example, given a specification to use the Intermediate + profile deployed on release X.Y.Z, an upgrade to release X.Y.Z+1 may + cause a new profile configuration to be applied to the ingress controller, + resulting in a rollout. \n Note that the minimum TLS version for ingress + controllers is 1.1, and the maximum TLS version is 1.2. An implication + of this restriction is that the Modern TLS profile type cannot be + used because it requires TLS 1.3." + properties: + custom: + description: "custom is a user-defined TLS security profile. Be + extremely careful using a custom profile as invalid configurations + can be catastrophic. 
An example custom profile looks like this: + \n ciphers: - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + \ - ECDHE-RSA-AES128-GCM-SHA256 - ECDHE-ECDSA-AES128-GCM-SHA256 + \ minTLSVersion: TLSv1.1" + nullable: true properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - type: array + ciphers: + description: "ciphers is used to specify the cipher algorithms + that are negotiated during the TLS handshake. Operators may + remove entries their operands do not support. For example, + to use DES-CBC3-SHA (yaml): \n ciphers: - DES-CBC3-SHA" items: type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: - type: string - status: - description: KubeletConfigStatus defines the observed state of a KubeletConfig - type: object - properties: - conditions: - description: conditions represents the latest available observations - of current state. - type: array - items: - description: KubeletConfigCondition defines the state of the KubeletConfig - type: object - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status object. 
- type: string - format: date-time + type: array + minTLSVersion: + description: "minTLSVersion is used to specify the minimal version + of the TLS protocol that is negotiated during the TLS handshake. + For example, to use TLS versions 1.1, 1.2 and 1.3 (yaml): + \n minTLSVersion: TLSv1.1 \n NOTE: currently the highest + minTLSVersion allowed is VersionTLS12" + enum: + - VersionTLS10 + - VersionTLS11 + - VersionTLS12 + - VersionTLS13 + type: string + type: object + intermediate: + description: "intermediate is a TLS security profile based on: \n + https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28recommended.29 + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + \ minTLSVersion: TLSv1.2" nullable: true - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. - type: string - reason: - description: reason is the reason for the condition's last transition. Reasons - are PascalCase - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string + type: object + modern: + description: "modern is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + \ minTLSVersion: TLSv1.3 \n NOTE: Currently unsupported." 
+ nullable: true + type: object + old: + description: "old is a TLS security profile based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Old_backward_compatibility + \n and looks like this (yaml): \n ciphers: - TLS_AES_128_GCM_SHA256 + \ - TLS_AES_256_GCM_SHA384 - TLS_CHACHA20_POLY1305_SHA256 + \ - ECDHE-ECDSA-AES128-GCM-SHA256 - ECDHE-RSA-AES128-GCM-SHA256 + \ - ECDHE-ECDSA-AES256-GCM-SHA384 - ECDHE-RSA-AES256-GCM-SHA384 + \ - ECDHE-ECDSA-CHACHA20-POLY1305 - ECDHE-RSA-CHACHA20-POLY1305 + \ - DHE-RSA-AES128-GCM-SHA256 - DHE-RSA-AES256-GCM-SHA384 + \ - DHE-RSA-CHACHA20-POLY1305 - ECDHE-ECDSA-AES128-SHA256 + \ - ECDHE-RSA-AES128-SHA256 - ECDHE-ECDSA-AES128-SHA - + ECDHE-RSA-AES128-SHA - ECDHE-ECDSA-AES256-SHA384 - ECDHE-RSA-AES256-SHA384 + \ - ECDHE-ECDSA-AES256-SHA - ECDHE-RSA-AES256-SHA - + DHE-RSA-AES128-SHA256 - DHE-RSA-AES256-SHA256 - AES128-GCM-SHA256 + \ - AES256-GCM-SHA384 - AES128-SHA256 - AES256-SHA256 + \ - AES128-SHA - AES256-SHA - DES-CBC3-SHA minTLSVersion: + TLSv1.0" + nullable: true + type: object type: - description: type specifies the state of the operator's reconciliation - functionality. + description: "type is one of Old, Intermediate, Modern or Custom. + Custom provides the ability to specify individual TLS security + profile parameters. Old, Intermediate and Modern are TLS security + profiles based on: \n https://wiki.mozilla.org/Security/Server_Side_TLS#Recommended_configurations + \n The profiles are intent based, so they may change over time + as new ciphers are developed and existing ciphers are found to + be insecure. Depending on precisely which ciphers are available + to a process, the list may be reduced. \n Note that the Modern + profile is currently not supported because it is not yet well + adopted by common software libraries." + enum: + - Old + - Intermediate + - Modern + - Custom type: string - observedGeneration: - description: observedGeneration represents the generation observed by - the controller. 
- type: integer - format: int64 + type: object + logLevel: + description: logLevel defines the log level of the Kubelet + type: integer + format: int64 + minimum: 1 + maximum: 10 + kubeletConfig: + description: The fields of the kubelet configuration are defined in + kubernetes upstream. Please refer to the types defined in the version/commit + used by OpenShift of the upstream kubernetes. It's important to note + that, since the fields of the kubelet configuration are directly fetched + from upstream the validation of those values is handled directly by + the kubelet. Please refer to the upstream version of the relavent + kubernetes for the valid values of these fields. Invalid values of + the kubelet configuration fields may render cluster nodes unusable. + type: object + x-kubernetes-preserve-unknown-fields: true + machineConfigPoolSelector: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An empty + label selector matches all objects. A null label selector matches + no objects. + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. 
+ type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. + type: object + additionalProperties: + type: string + status: + description: KubeletConfigStatus defines the observed state of a KubeletConfig + type: object + properties: + conditions: + description: conditions represents the latest available observations + of current state. + type: array + items: + description: KubeletConfigCondition defines the state of the KubeletConfig + type: object + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + type: string + format: date-time + nullable: true + message: + description: message provides additional information about the + current condition. This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are PascalCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + observedGeneration: + description: observedGeneration represents the generation observed by + the controller. + type: integer + format: int64 diff --git a/install/0000_80_machine-config-operator_01_machineconfig.crd.yaml b/install/0000_80_machine-config-operator_01_machineconfig.crd.yaml index 0e6a0b4faa..b632f15793 100644 --- a/install/0000_80_machine-config-operator_01_machineconfig.crd.yaml +++ b/install/0000_80_machine-config-operator_01_machineconfig.crd.yaml 
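Review bot: The `tlsSecurityProfile.custom` description carried into the v1 schema gives `minTLSVersion: TLSv1.1` as its example, but the `enum` directly below it accepts only `VersionTLS10`, `VersionTLS11`, `VersionTLS12` and `VersionTLS13`, so a profile copied from the description would be rejected. The same block says the setting applies to "ingresscontrollers", which reads as text inherited from the ingress API rather than written for KubeletConfig. If these descriptions are maintained in this file, change the examples to `minTLSVersion: VersionTLS11` and name the kubelet; if they are generated from a shared type, the fix belongs there. Separately, the enum still admits `VersionTLS10` and `VersionTLS11`, and it is worth confirming that this is intended for kubelet endpoints.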
@@ -1,4 +1,4 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: # name must match the spec fields below, and be in the form: . @@ -10,31 +10,10 @@ metadata: include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" spec: - additionalPrinterColumns: - - JSONPath: .metadata.annotations.machineconfiguration\.openshift\.io/generated-by-controller-version - description: Version of the controller that generated the machineconfig. This - will be empty if the machineconfig is not managed by a controller. - name: GeneratedByController - type: string - - JSONPath: .spec.config.ignition.version - description: Version of the Ignition Config defined in the machineconfig. - name: IgnitionVersion - type: string - - JSONPath: .metadata.creationTimestamp - name: Age - type: date # group name to use for REST API: /apis// group: machineconfiguration.openshift.io - # list of versions supported by this CustomResourceDefinition - versions: - - name: v1 - # Each version can be enabled/disabled by Served flag. - served: true - # One and only one version must be marked as the storage version. - storage: true # either Namespaced or Cluster scope: Cluster - preserveUnknownFields: false names: # plural name to be used in the URL: /apis/// plural: machineconfigs 
@@ -45,47 +24,77 @@ spec: # shortNames allow shorter string to match your resource on the CLI shortNames: - mc - # openAPIV3Schema has been hand modified. Do not overwrite directly with generated crd fields as we do not allow all config fields. - "validation": - "openAPIV3Schema": - description: MachineConfig defines the configuration for a machine - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MachineConfigSpec is the spec for MachineConfig - type: object - properties: - config: - description: Config is a Ignition Config object. - type: object - x-kubernetes-preserve-unknown-fields: true - required: - - ignition - properties: - ignition: - description: Ignition section contains metadata about the configuration - itself. We only permit a subsection of ignition fields for MachineConfigs. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - config: - type: object - properties: - append: - type: array - items: + # list of versions supported by this CustomResourceDefinition + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. 
+ storage: true + additionalPrinterColumns: + - jsonPath: .metadata.annotations.machineconfiguration\.openshift\.io/generated-by-controller-version + description: Version of the controller that generated the machineconfig. This + will be empty if the machineconfig is not managed by a controller. + name: GeneratedByController + type: string + - jsonPath: .spec.config.ignition.version + description: Version of the Ignition Config defined in the machineconfig. + name: IgnitionVersion + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + # openAPIV3Schema has been hand modified. Do not overwrite directly with generated crd fields as we do not allow all config fields. + schema: + openAPIV3Schema: + description: MachineConfig defines the configuration for a machine + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineConfigSpec is the spec for MachineConfig + type: object + properties: + config: + description: Config is a Ignition Config object. + type: object + x-kubernetes-preserve-unknown-fields: true + required: + - ignition + properties: + ignition: + description: Ignition section contains metadata about the configuration + itself. We only permit a subsection of ignition fields for MachineConfigs. 
+ type: object + x-kubernetes-preserve-unknown-fields: true + properties: + config: + type: object + properties: + append: + type: array + items: + type: object + properties: + source: + type: string + verification: + type: object + properties: + hash: + type: string + replace: type: object properties: source: 
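Review bot: The relocated comment above `schema:` says the schema is hand modified because "we do not allow all config fields", but `config` and `ignition` both keep `x-kubernetes-preserve-unknown-fields: true`, so under apiextensions v1 the API server neither prunes nor rejects Ignition fields that are not listed here. The restriction must therefore be enforced elsewhere, presumably by the controller or daemon, which this diff does not show. Since a MachineConfig ends up as files and systemd units on nodes, I would say so next to the existing comment, e.g. `# NOTE: unknown fields under config are preserved by the API server; unsupported Ignition fields must be rejected by the controller, not by this schema.` The schema continues past the end of this hunk.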
@@ -95,237 +104,238 @@ spec: properties: hash: type: string - replace: + security: + type: object + properties: + tls: + type: object + properties: + certificateAuthorities: + type: array + items: + type: object + properties: + source: + type: string + verification: + type: object + properties: + hash: + type: string + timeouts: + type: object + properties: + httpResponseHeaders: + type: integer + httpTotal: + type: integer + version: + description: Version string is the semantic version number of + the spec + type: string + passwd: + type: object + properties: + users: + type: array + items: type: object properties: - source: + name: + description: Name of user. Must be \"core\" user. type: string - verification: + sshAuthorizedKeys: + description: Public keys to be assigned to user core. + type: array + items: + type: string + storage: + description: Storage describes the desired state of the system's + storage devices. + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + directories: + description: Directories is the list of directories to be created + type: array + items: + description: Items is list of directories to be written + type: object + properties: + filesystem: + description: Filesystem is the internal identifier of + the filesystem in which to write the file. This matches + the last filesystem with the given identifier. + type: string + group: + description: Group object specifies group of the owner type: object properties: - hash: + id: + description: ID is the user ID of the owner + type: integer + name: + description: Name is the user name of the owner type: string - security: - type: object - properties: - tls: + mode: + description: Mode is the file's permission mode. Note + that the mode must be properly specified as a decimal + value (i.e. 
0644 -> 420) + type: integer + overwrite: + description: Overwrite specifies whether to delete preexisting + nodes at the path + type: boolean + path: + description: Path is the absolute path to the file + type: string + user: + description: User object specifies the file's owner + type: object + properties: + id: + description: ID is the user ID of the owner + type: integer + name: + description: Name is the user name of the owner + type: string + files: + description: Files is the list of files to be created/modified + type: array + items: + description: Items is list of files to be written type: object + x-kubernetes-preserve-unknown-fields: true properties: - certificateAuthorities: - type: array - items: - type: object - properties: - source: - type: string - verification: - type: object - properties: - hash: - type: string - timeouts: - type: object - properties: - httpResponseHeaders: - type: integer - httpTotal: - type: integer - version: - description: Version string is the semantic version number of the spec - type: string - passwd: - type: object - properties: - users: - type: array - items: - type: object - properties: - name: - description: Name of user. Must be \"core\" user. - type: string - sshAuthorizedKeys: - description: Public keys to be assigned to user core. - type: array - items: + contents: + description: Contents specifies options related to the + contents of the file + type: object + properties: + compression: + description: The type of compression used on the contents + (null or gzip). Compression cannot be used with + S3. + type: string + source: + description: Source is the URL of the file contents. + Supported schemes are http, https, tftp, s3, and + data. When using http, it is advisable to use the + verification option to ensure the contents haven't + been modified. 
+ type: string + verification: + description: Verification specifies options related + to the verification of the file contents + type: object + properties: + hash: + description: Hash is the hash of the config, in + the form - where type is sha512 + type: string + filesystem: + description: Filesystem is the internal identifier of + the filesystem in which to write the file. This matches + the last filesystem with the given identifier type: string - storage: - description: Storage describes the desired state of the system's storage devices. - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - directories: - description: Directories is the list of directories to be created - type: array - items: - description: Items is list of directories to be written - type: object - properties: - filesystem: - description: Filesystem is the internal identifier of the filesystem - in which to write the file. This matches the last filesystem with - the given identifier. - type: string - group: - description: Group object specifies group of the owner - type: object - properties: - id: - description: ID is the user ID of the owner - type: integer - name: - description: Name is the user name of the owner - type: string - mode: - description: Mode is the file's permission mode. Note that the mode - must be properly specified as a decimal value (i.e. 
0644 -> 420) - type: integer - overwrite: - description: Overwrite specifies whether to delete preexisting nodes - at the path - type: boolean - path: - description: Path is the absolute path to the file - type: string - user: - description: User object specifies the file's owner - type: object - properties: - id: - description: ID is the user ID of the owner - type: integer - name: - description: Name is the user name of the owner - type: string - files: - description: Files is the list of files to be created/modified - type: array - items: - description: Items is list of files to be written - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - contents: - description: Contents specifies options related to the contents of - the file - type: object - properties: - compression: - description: The type of compression used on the contents (null - or gzip). Compression cannot be used with S3. - type: string - source: - description: Source is the URL of the file contents. Supported - schemes are http, https, tftp, s3, and data. When using http, - it is advisable to use the verification option to ensure the - contents haven't been modified. - type: string - verification: - description: Verification specifies options related to the - verification of the file contents - type: object - properties: - hash: - description: Hash is the hash of the config, in the form - - where type is sha512 - type: string - filesystem: - description: Filesystem is the internal identifier of the filesystem - in which to write the file. This matches the last filesystem with - the given identifier - type: string - group: - description: Group object specifies group of the owner - type: object - properties: - id: - description: ID specifies group ID of the owner - type: integer - name: - description: Name is the group name of the owner - type: string - mode: - description: Mode specifies the file's permission mode. 
Note that the - mode must be properly specified as a decimal value (i.e. 0644 -> 420) - type: integer - overwrite: - description: Overwrite specifies whether to delete preexisting nodes - at the path - type: boolean - path: - description: Path is the absolute path to the file - type: string - user: - description: User object specifies the file's owner - type: object - properties: - id: - description: ID is the user ID of the owner - type: integer - name: - description: Name is the user name of the owner - type: string - systemd: - description: systemd describes the desired state of the systemd units - type: object - properties: - units: - description: Units is a list of units to be configured - type: array - items: - description: Items describes unit configuration - type: object - properties: - contents: - description: Contents is the contents of the unit - type: string - dropins: - description: Dropins is the list of drop-ins for the unit - type: array - items: - description: Items describes unit dropin + group: + description: Group object specifies group of the owner type: object properties: - contents: - description: Contents is the contents of the drop-in + id: + description: ID specifies group ID of the owner + type: integer + name: + description: Name is the group name of the owner type: string + mode: + description: Mode specifies the file's permission mode. + Note that the mode must be properly specified as a decimal + value (i.e. 0644 -> 420) + type: integer + overwrite: + description: Overwrite specifies whether to delete preexisting + nodes at the path + type: boolean + path: + description: Path is the absolute path to the file + type: string + user: + description: User object specifies the file's owner + type: object + properties: + id: + description: ID is the user ID of the owner + type: integer name: - description: Name is the name of the drop-in. 
This must be suffixed - with '.conf' + description: Name is the user name of the owner type: string - enabled: - description: Enabled describes whether or not the service shall be enabled. - When true, the service is enabled. When false, the service is disabled. - When omitted, the service is unmodified. In order for this to have any - effect, the unit must have an install section - type: boolean - mask: - description: Mask describes whether or not the service shall be masked. - When true, the service is masked by symlinking it to /dev/null" - type: boolean - name: - description: Name is the name of the unit. This must be suffixed with a - valid unit type (e.g. 'thing.service') - type: string - extensions: - description: List of additional features that can be enabled on host - type: array - items: - type: string - nullable: true - fips: - description: FIPS controls FIPS mode - type: boolean - kernelArguments: - description: KernelArguments contains a list of kernel arguments to be added - type: array - items: + systemd: + description: systemd describes the desired state of the systemd + units + type: object + properties: + units: + description: Units is a list of units to be configured + type: array + items: + description: Items describes unit configuration + type: object + properties: + contents: + description: Contents is the contents of the unit + type: string + dropins: + description: Dropins is the list of drop-ins for the unit + type: array + items: + description: Items describes unit dropin + type: object + properties: + contents: + description: Contents is the contents of the drop-in + type: string + name: + description: Name is the name of the drop-in. This + must be suffixed with '.conf' + type: string + enabled: + description: Enabled describes whether or not the service + shall be enabled. When true, the service is enabled. + When false, the service is disabled. When omitted, the + service is unmodified. 
In order for this to have any + effect, the unit must have an install section + type: boolean + mask: + description: Mask describes whether or not the service + shall be masked. When true, the service is masked by + symlinking it to /dev/null" + type: boolean + name: + description: Name is the name of the unit. This must be + suffixed with a valid unit type (e.g. 'thing.service') + type: string + extensions: + description: List of additional features that can be enabled on host + type: array + items: + type: string + nullable: true + fips: + description: FIPS controls FIPS mode + type: boolean + kernelArguments: + description: KernelArguments contains a list of kernel arguments to + be added + type: array + items: + type: string + nullable: true + kernelType: + description: Contains which kernel we want to be running like default + (traditional), realtime + type: string + osImageURL: + description: OSImageURL specifies the remote location that will be used + to fetch the OS to fetch the OS. type: string - nullable: true - kernelType: - description: Contains which kernel we want to be running like default (traditional), realtime - type: string - osImageURL: - description: OSImageURL specifies the remote location that will be used to fetch the OS - to fetch the OS. - type: string diff --git a/install/0000_80_machine-config-operator_01_machineconfigpool.crd.yaml b/install/0000_80_machine-config-operator_01_machineconfigpool.crd.yaml index 868d576d91..c937e2090b 100644 --- a/install/0000_80_machine-config-operator_01_machineconfigpool.crd.yaml +++ b/install/0000_80_machine-config-operator_01_machineconfigpool.crd.yaml @@ -1,4 +1,4 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: # name must match the spec fields below, and be in the form: . 
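Review bot: `verification.hash` under `files[].contents` and under `security.tls.certificateAuthorities` is still a bare `type: string`, so an empty or malformed hash passes API validation and would presumably surface only when a node processes the config. The `source` description recommends verification for http sources, so the field that provides that integrity check deserves a format constraint while these blocks are being re-indented. If sha512 really is the only accepted type, as the description states, `pattern: '^sha512-[0-9a-f]{128}$'` would do; confirm against the Ignition spec versions the operator accepts before tightening, since a stricter pattern rejects objects that were previously admitted. The same applies to the `append`/`replace` hash fields in the preceding hunk.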
@@ -10,59 +10,10 @@ metadata: include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" spec: - additionalPrinterColumns: - - JSONPath: .status.configuration.name - name: Config - type: string - - JSONPath: .status.conditions[?(@.type=="Updated")].status - description: When all the machines in the pool are updated to the correct machine - config. - name: Updated - type: string - - JSONPath: .status.conditions[?(@.type=="Updating")].status - description: When at least one of machine is not either not updated or is in the - process of updating to the desired machine config. - name: Updating - type: string - - JSONPath: .status.conditions[?(@.type=="Degraded")].status - description: When progress is blocked on updating one or more nodes, or the pool - configuration is failing. - name: Degraded - type: string - - JSONPath: .status.machineCount - description: Total number of machines in the machine config pool - name: MachineCount - type: number - - JSONPath: .status.readyMachineCount - description: Total number of ready machines targeted by the pool - name: ReadyMachineCount - type: number - - JSONPath: .status.updatedMachineCount - description: Total number of machines targeted by the pool that have the CurrentMachineConfig - as their config - name: UpdatedMachineCount - type: number - - JSONPath: .status.degradedMachineCount - description: Total number of machines marked degraded (or unreconcilable) - name: DegradedMachineCount - type: number - - JSONPath: .metadata.creationTimestamp - name: Age - type: date # group name to use for REST API: /apis// group: machineconfiguration.openshift.io - # list of versions supported by this CustomResourceDefinition - versions: - - name: v1 - # Each version can be enabled/disabled by Served flag. - served: true - # One and only one version must be marked as the storage version. 
- storage: true # either Namespaced or Cluster scope: Cluster - preserveUnknownFields: false - subresources: - status: {} names: # plural name to be used in the URL: /apis/// plural: machineconfigpools 
@@ -73,350 +24,398 @@ spec: # shortNames allow shorter string to match your resource on the CLI shortNames: - mcp - "validation": - "openAPIV3Schema": - description: MachineConfigPool describes a pool of MachineConfigs. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: MachineConfigPoolSpec is the spec for MachineConfigPool resource. - type: object - properties: - configuration: - description: The targeted MachineConfig object for the machine config - pool. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an - entire object, this string should contain a valid JSON/Go field - access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen only - to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change - in the future.' 
- type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - source: - description: source is the list of MachineConfig objects that were - used to generate the single MachineConfig object specified in - `content`. - type: array - items: - description: ObjectReference contains enough information to let - you inspect or modify the referred object. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part - of an object. TODO: this design is not final and this field - is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - machineConfigSelector: - description: machineConfigSelector specifies a label selector for MachineConfigs. - Refer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ - on how label and selectors work. - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. - type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. 
If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. - type: array - items: + # list of versions supported by this CustomResourceDefinition + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .status.configuration.name + name: Config + type: string + - jsonPath: .status.conditions[?(@.type=="Updated")].status + description: When all the machines in the pool are updated to the correct machine + config. + name: Updated + type: string + - jsonPath: .status.conditions[?(@.type=="Updating")].status + description: When at least one of machine is not either not updated or is in the + process of updating to the desired machine config. + name: Updating + type: string + - jsonPath: .status.conditions[?(@.type=="Degraded")].status + description: When progress is blocked on updating one or more nodes, or the pool + configuration is failing. + name: Degraded + type: string + - jsonPath: .status.machineCount + description: Total number of machines in the machine config pool + name: MachineCount + type: number + - jsonPath: .status.readyMachineCount + description: Total number of ready machines targeted by the pool + name: ReadyMachineCount + type: number + - jsonPath: .status.updatedMachineCount + description: Total number of machines targeted by the pool that have the CurrentMachineConfig + as their config + name: UpdatedMachineCount + type: number + - jsonPath: .status.degradedMachineCount + description: Total number of machines marked degraded (or unreconcilable) + name: DegradedMachineCount + type: number + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + schema: + openAPIV3Schema: + description: MachineConfigPool describes a pool of MachineConfigs. 
+ type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineConfigPoolSpec is the spec for MachineConfigPool resource. + type: object + properties: + configuration: + description: The targeted MachineConfig object for the machine config + pool. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an + entire object, this string should contain a valid JSON/Go field + access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change + in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + source: + description: source is the list of MachineConfig objects that were + used to generate the single MachineConfig object specified in + `content`. + type: array + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + type: object + properties: + apiVersion: + description: API version of the referent. type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. - type: object - additionalProperties: + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' 
+ type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' type: string - maxUnavailable: - description: maxUnavailable specifies the percentage or constant number - of machines that can be updating at any given time. default is 1. - anyOf: - - type: integer - - type: string - x-kubernetes-int-or-string: true - nodeSelector: - description: nodeSelector specifies a label selector for Machines - type: object - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - type: array - items: - description: A label selector requirement is a selector that contains - values, a key, and an operator that relates the key and values. + machineConfigSelector: + description: machineConfigSelector specifies a label selector for MachineConfigs. + Refer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + on how label and selectors work. 
+ type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. + type: string + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. type: object - required: - - key - - operator - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship to a - set of values. Valid operators are In, NotIn, Exists and - DoesNotExist. - type: string - values: - description: values is an array of string values. If the operator - is In or NotIn, the values array must be non-empty. If the - operator is Exists or DoesNotExist, the values array must - be empty. This array is replaced during a strategic merge - patch. 
- type: array - items: + additionalProperties: + type: string + maxUnavailable: + description: maxUnavailable specifies the percentage or constant number + of machines that can be updating at any given time. default is 1. + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + nodeSelector: + description: nodeSelector specifies a label selector for Machines + type: object + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector that contains + values, a key, and an operator that relates the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to a + set of values. Valid operators are In, NotIn, Exists and + DoesNotExist. type: string - matchLabels: - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator is - "In", and the values array contains only "value". The requirements - are ANDed. + values: + description: values is an array of string values. If the operator + is In or NotIn, the values array must be non-empty. If the + operator is Exists or DoesNotExist, the values array must + be empty. This array is replaced during a strategic merge + patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator is + "In", and the values array contains only "value". The requirements + are ANDed. 
+ type: object + additionalProperties: + type: string + paused: + description: paused specifies whether or not changes to this machine + config pool should be stopped. This includes generating new desiredMachineConfig + and update of machines. + type: boolean + status: + description: MachineConfigPoolStatus is the status for MachineConfigPool + resource. + type: object + properties: + conditions: + description: conditions represents the latest available observations + of current state. + type: array + items: + description: MachineConfigPoolCondition contains condition information + for an MachineConfigPool. type: object - additionalProperties: - type: string - paused: - description: paused specifies whether or not changes to this machine - config pool should be stopped. This includes generating new desiredMachineConfig - and update of machines. - type: boolean - status: - description: MachineConfigPoolStatus is the status for MachineConfigPool - resource. - type: object - properties: - conditions: - description: conditions represents the latest available observations - of current state. - type: array - items: - description: MachineConfigPoolCondition contains condition information - for an MachineConfigPool. + properties: + lastTransitionTime: + description: lastTransitionTime is the timestamp corresponding + to the last status change of this condition. + type: string + format: date-time + nullable: true + message: + description: message is a human readable description of the details + of the last transition, complementing reason. + type: string + reason: + description: reason is a brief machine readable explanation for + the condition's last transition. + type: string + status: + description: status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: type of the condition, currently ('Done', 'Updating', + 'Failed'). 
+ type: string + configuration: + description: configuration represents the current MachineConfig object + for the machine config pool. type: object properties: - lastTransitionTime: - description: lastTransitionTime is the timestamp corresponding - to the last status change of this condition. + apiVersion: + description: API version of the referent. type: string - format: date-time - nullable: true - message: - description: message is a human readable description of the details - of the last transition, complementing reason. + fieldPath: + description: 'If referring to a piece of an object instead of an + entire object, this string should contain a valid JSON/Go field + access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change + in the future.' type: string - reason: - description: reason is a brief machine readable explanation for - the condition's last transition. + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - status: - description: status of the condition, one of ('True', 'False', - 'Unknown'). + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' type: string - type: - description: type of the condition, currently ('Done', 'Updating', - 'Failed'). + namespace: + description: 'Namespace of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' type: string - configuration: - description: configuration represents the current MachineConfig object - for the machine config pool. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an - entire object, this string should contain a valid JSON/Go field - access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen only - to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change - in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - source: - description: source is the list of MachineConfig objects that were - used to generate the single MachineConfig object specified in - `content`. 
- type: array - items: - description: ObjectReference contains enough information to let - you inspect or modify the referred object. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead - of an entire object, this string should contain a valid - JSON/Go field access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen - only to have some well-defined way of referencing a part - of an object. TODO: this design is not final and this field - is subject to change in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference - is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - uid: - description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' - type: string - degradedMachineCount: - description: degradedMachineCount represents the total number of machines - marked degraded (or unreconcilable). A node is marked degraded if - applying a configuration failed.. - type: integer - format: int32 - machineCount: - description: machineCount represents the total number of machines in - the machine config pool. - type: integer - format: int32 - observedGeneration: - description: observedGeneration represents the generation observed by - the controller. - type: integer - format: int64 - readyMachineCount: - description: readyMachineCount represents the total number of ready - machines targeted by the pool. - type: integer - format: int32 - unavailableMachineCount: - description: unavailableMachineCount represents the total number of - unavailable (non-ready) machines targeted by the pool. A node is marked - unavailable if it is in updating state or NodeReady condition is false. - type: integer - format: int32 - updatedMachineCount: - description: updatedMachineCount represents the total number of machines - targeted by the pool that have the CurrentMachineConfig as their config. - type: integer - format: int32 + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + source: + description: source is the list of MachineConfig objects that were + used to generate the single MachineConfig object specified in + `content`. + type: array + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + type: object + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part + of an object. TODO: this design is not final and this field + is subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + degradedMachineCount: + description: degradedMachineCount represents the total number of machines + marked degraded (or unreconcilable). A node is marked degraded if + applying a configuration failed.. 
+ type: integer + format: int32 + machineCount: + description: machineCount represents the total number of machines in + the machine config pool. + type: integer + format: int32 + observedGeneration: + description: observedGeneration represents the generation observed by + the controller. + type: integer + format: int64 + readyMachineCount: + description: readyMachineCount represents the total number of ready + machines targeted by the pool. + type: integer + format: int32 + unavailableMachineCount: + description: unavailableMachineCount represents the total number of + unavailable (non-ready) machines targeted by the pool. A node is marked + unavailable if it is in updating state or NodeReady condition is false. + type: integer + format: int32 + updatedMachineCount: + description: updatedMachineCount represents the total number of machines + targeted by the pool that have the CurrentMachineConfig as their config. + type: integer + format: int32 diff --git a/install/0000_80_machine-config-operator_03_rbac.yaml b/install/0000_80_machine-config-operator_03_rbac.yaml index 5271041bf6..46a4cbd7e5 100644 --- a/install/0000_80_machine-config-operator_03_rbac.yaml +++ b/install/0000_80_machine-config-operator_03_rbac.yaml @@ -1,6 +1,6 @@ --- kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 +apiVersion: rbac.authorization.k8s.io/v1 metadata: name: default-account-openshift-machine-config-operator annotations: diff --git a/lib/resourceapply/apiext.go b/lib/resourceapply/apiext.go index 637ecc5ece..d5f2457b12 100644 --- a/lib/resourceapply/apiext.go +++ b/lib/resourceapply/apiext.go 
@@ -2,15 +2,16 @@ package resourceapply import ( "context" + "github.com/openshift/machine-config-operator/lib/resourcemerge" - apiextv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" - apiextclientv1beta1 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1" + apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + apiextclientv1 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) // ApplyCustomResourceDefinition applies the required CustomResourceDefinition to the cluster. -func ApplyCustomResourceDefinition(client apiextclientv1beta1.CustomResourceDefinitionsGetter, required *apiextv1beta1.CustomResourceDefinition) (*apiextv1beta1.CustomResourceDefinition, bool, error) { +func ApplyCustomResourceDefinition(client apiextclientv1.CustomResourceDefinitionsGetter, required *apiextv1.CustomResourceDefinition) (*apiextv1.CustomResourceDefinition, bool, error) { existing, err := client.CustomResourceDefinitions().Get(context.TODO(), required.Name, metav1.GetOptions{}) if apierrors.IsNotFound(err) { actual, err := client.CustomResourceDefinitions().Create(context.TODO(), required, metav1.CreateOptions{}) diff --git a/lib/resourcemerge/apiext.go b/lib/resourcemerge/apiext.go index 32e4043f62..4df67304b2 100644 --- a/lib/resourcemerge/apiext.go +++ b/lib/resourcemerge/apiext.go 
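Review bot: The doc comment above `ApplyCustomResourceDefinition` does not say what the `bool` result means, and the rewritten signature line is a natural place to fix that. Something like `// It returns the resulting object, whether the cluster object was created or changed, and any API error.` would do, assuming that is what the flag reports. The body continues outside the hunk, so only the Get and the not-found Create path are visible here. Both visible calls pass `context.TODO()`, so callers cannot bound or cancel the API requests; accepting a `context.Context` would be a reasonable follow-up.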
@@ -1,13 +1,13 @@ package resourcemerge import ( - apiextv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" + apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/api/equality" ) // EnsureCustomResourceDefinition ensures that the existing matches the required. // modified is set to true when existing had to be updated with required. -func EnsureCustomResourceDefinition(modified *bool, existing *apiextv1beta1.CustomResourceDefinition, required apiextv1beta1.CustomResourceDefinition) { +func EnsureCustomResourceDefinition(modified *bool, existing *apiextv1.CustomResourceDefinition, required apiextv1.CustomResourceDefinition) { EnsureObjectMeta(modified, &existing.ObjectMeta, required.ObjectMeta) // we stomp everything diff --git a/lib/resourceread/apiext.go b/lib/resourceread/apiext.go index ed6fbeb169..521ee031c2 100644 --- a/lib/resourceread/apiext.go +++ b/lib/resourceread/apiext.go @@ -1,7 +1,7 @@ package resourceread import ( - apiextv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" + apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/serializer" ) 
@@ -12,16 +12,16 @@ var ( ) func init() { - if err := apiextv1beta1.AddToScheme(apiExtensionsScheme); err != nil { + if err := apiextv1.AddToScheme(apiExtensionsScheme); err != nil { panic(err) } } -// ReadCustomResourceDefinitionV1Beta1OrDie reads crd object from bytes. Panics on error. -func ReadCustomResourceDefinitionV1Beta1OrDie(objBytes []byte) *apiextv1beta1.CustomResourceDefinition { - requiredObj, err := runtime.Decode(apiExtensionsCodecs.UniversalDecoder(apiextv1beta1.SchemeGroupVersion), objBytes) +// ReadCustomResourceDefinitionV11OrDie reads crd object from bytes. Panics on error. +func ReadCustomResourceDefinitionV1OrDie(objBytes []byte) *apiextv1.CustomResourceDefinition { + requiredObj, err := runtime.Decode(apiExtensionsCodecs.UniversalDecoder(apiextv1.SchemeGroupVersion), objBytes) if err != nil { panic(err) } - return requiredObj.(*apiextv1beta1.CustomResourceDefinition) + return requiredObj.(*apiextv1.CustomResourceDefinition) } diff --git a/manifests/controllerconfig.crd.yaml b/manifests/controllerconfig.crd.yaml index 59c8492a92..0de4c7829d 100644 --- a/manifests/controllerconfig.crd.yaml +++ b/manifests/controllerconfig.crd.yaml @@ -1,4 +1,4 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: # name must match the spec fields below, and be in the form: . @@ -8,18 +8,8 @@ metadata: spec: # group name to use for REST API: /apis// group: machineconfiguration.openshift.io - # list of versions supported by this CustomResourceDefinition - versions: - - name: v1 - # Each version can be enabled/disabled by Served flag. - served: true - # One and only one version must be marked as the storage version. - storage: true # either Namespaced or Cluster scope: Cluster - preserveUnknownFields: false - subresources: - status: {} names: # plural name to be used in the URL: /apis/// plural: controllerconfigs 
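Review bot: The doc comment added for the renamed reader starts with `ReadCustomResourceDefinitionV11OrDie`, but the function it documents is `ReadCustomResourceDefinitionV1OrDie`, so godoc and comment linters will not match it to the identifier. The line should read `// ReadCustomResourceDefinitionV1OrDie reads crd object from bytes. Panics on error.`. The visible `init` registers only the apiextensions v1 types in `apiExtensionsScheme`, so a manifest that still declares `apiextensions.k8s.io/v1beta1` presumably fails to decode and panics here rather than being converted. That is worth stating in the same comment so callers know every bundled CRD manifest must be migrated.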
@@ -27,488 +17,505 @@ spec: singular: controllerconfig # kind is normally the PascalCased singular type. Your resource manifests use this. kind: ControllerConfig - "validation": - "openAPIV3Schema": - description: ControllerConfig describes configuration for MachineConfigController. - This is currently only used to drive the MachineConfig objects generated by - the TemplateController. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ControllerConfigSpec is the spec for ControllerConfig resource. - type: object - properties: - additionalTrustBundle: - description: additionalTrustBundle is a certificate bundle that will - be added to the nodes trusted certificate store. 
- type: string - format: byte - nullable: true - cloudProviderCAData: - description: cloudProvider specifies the cloud provider CA data - type: string - format: byte - nullable: true - cloudProviderConfig: - description: cloudProviderConfig is the configuration for the given - cloud provider - type: string - clusterDNSIP: - description: clusterDNSIP is the cluster DNS IP address - type: string - dns: - description: dns holds the cluster dns details - type: object - nullable: true - required: - - spec - properties: - spec: - description: spec holds user settable values for configuration - type: object - properties: - baseDomain: - description: baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base. - type: string - publicZone: - description: publicZone is the location where all the DNS records that are publicly accessible to the internet exist. - type: object - properties: - id: - description: id is the identifier that can be used to find the DNS hosted zone. - type: string - tags: - additionalProperties: - type: string - description: tags can be used to query the DNS hosted zone. - type: object - privateZone: - description: privateZone is the location where all the DNS records that are only available internally to the cluster exist. - type: object - properties: - id: - description: id is the identifier that can be used to find the DNS hosted zone. - type: string - tags: - additionalProperties: - type: string - description: tags can be used to query the DNS hosted zone. - type: object - status: - description: status holds observed values from the cluster. They may not be overridden. 
- type: object - etcdDiscoveryDomain: - description: etcdDiscoveryDomain is deprecated, use infra.status.etcdDiscoveryDomain instead - type: string - images: - description: images is map of images that are used by the controller - to render templates under ./templates/ - type: object - additionalProperties: + # list of versions supported by this CustomResourceDefinition + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: ControllerConfig describes configuration for MachineConfigController. + This is currently only used to drive the MachineConfig objects generated by + the TemplateController. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControllerConfigSpec is the spec for ControllerConfig resource. + type: object + properties: + additionalTrustBundle: + description: additionalTrustBundle is a certificate bundle that will + be added to the nodes trusted certificate store. 
type: string - infra: - description: infra holds the infrastructure details - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the - latest internal value, and may reject unrecognized values. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - cloudConfig: - description: cloudConfig is a reference to a ConfigMap containing - the cloud provider configuration file. This configuration - file is used to configure the Kubernetes cloud provider integration - when using the built-in cloud provider integration or the - external cloud controller manager. The namespace for this - config map is openshift-config. - type: object - properties: - key: - description: Key allows pointing to a specific key/value - inside of the configmap. This is useful for logical file - references. - type: string - name: - type: string - status: - description: status holds observed values from the cluster. They - may not be overridden. - type: object - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme(http/https), - address and port. apiServerInternalURL can be used by components - like kubelets, to contact the Kubernetes API server using - the infrastructure provider rather than Kubernetes networking. 
- type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme(http/https), - address and port. apiServerURL can be used by components - like the web console to tell users where to find the Kubernetes - API. - type: string - controlPlaneTopology: - description: controlPlaneTopology expresses the expectations for - operands that normally run on control nodes. The default is - HighlyAvailable, which represents the behavior operators have - in a normal cluster. The SingleReplica mode will be used in - single-node deployments and the operators should not configure - the operand for highly-available operation. - type: string - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch - the SRV records for discovering etcd servers and clients. - For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster - with a human friendly name. Once set it should not be changed. - Must be of max length 27 and must have only alphanumeric or - hyphen characters. - type: string - platform: - description: "platform is the underlying infrastructure provider - for the cluster. \n Deprecated: Use platformStatus.type instead." - type: string - platformStatus: - description: platformStatus holds status information specific - to the underlying infrastructure provider. - type: object - properties: - aws: - description: AWS contains settings specific to the Amazon - Web Services infrastructure provider. - type: object - properties: - region: - description: region holds the default AWS region for - new AWS resources created by the cluster. - type: string - azure: - description: Azure contains settings specific to the Azure - infrastructure provider. 
- type: object - properties: - networkResourceGroupName: - description: networkResourceGroupName is the Resource - Group for network resources like the Virtual Network - and Subnets used by the cluster. If empty, the value - is same as ResourceGroupName. - type: string - resourceGroupName: - description: resourceGroupName is the Resource Group - for new Azure resources created for the cluster. - type: string - baremetal: - description: BareMetal contains settings specific to the - BareMetal platform. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to - contact the Kubernetes API server that can be used - by components inside the cluster, like kubelets using - the infrastructure rather than Kubernetes networking. - It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve default - route host names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the - DNS operator, `NodeDNSIP` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for BareMetal deployments. In order to minimize necessary - changes to the datacenter DNS, a DNS service is hosted - as a static pod to serve those hostnames to the nodes - in the cluster. - type: string - gcp: - description: GCP contains settings specific to the Google - Cloud Platform infrastructure provider. - type: object - properties: - projectID: - description: resourceGroupName is the Project ID for - new GCP resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources - created for the cluster. 
- type: string - openstack: - description: OpenStack contains settings specific to the - OpenStack infrastructure provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to - contact the Kubernetes API server that can be used - by components inside the cluster, like kubelets using - the infrastructure rather than Kubernetes networking. - It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. - type: string - cloudName: - description: cloudName is the name of the desired OpenStack - cloud in the client configuration file (`clouds.yaml`). - type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve default - route host names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the - DNS operator, `NodeDNSIP` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for OpenStack deployments. In order to minimize necessary - changes to the datacenter DNS, a DNS service is hosted - as a static pod to serve those hostnames to the nodes - in the cluster. - type: string - ovirt: - description: Ovirt contains settings specific to the oVirt - infrastructure provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to - contact the Kubernetes API server that can be used - by components inside the cluster, like kubelets using - the infrastructure rather than Kubernetes networking. - It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. 
- type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve default - route host names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the - DNS operator, `NodeDNSIP` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for oVirt deployments. In order to minimize necessary - changes to the datacenter DNS, a DNS service is hosted - as a static pod to serve those hostnames to the nodes - in the cluster. - type: string - kubevirt: - description: OpenShift contains settings specific to the - kubevirt infrastructure provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to - contact the Kubernetes API server that can be used - by components inside the cluster, like kubelets using - the infrastructure rather than Kubernetes networking. - It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve default - route host names. - type: string - type: - description: type is the underlying infrastructure provider - for the cluster. This value controls whether infrastructure - automation such as service load balancers, dynamic volume - provisioning, machine creation and deletion, and other - integrations are enabled. If None, no infrastructure automation - is enabled. Allowed values are "AWS", "Azure", "BareMetal", - "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt" and - "None". 
Individual components may not support all platforms, - and must handle unrecognized platforms as None if they - do not support that platform. - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to - contact the Kubernetes API server that can be used - by components inside the cluster, like kubelets using - the infrastructure rather than Kubernetes networking. - It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve default - route host names. + format: byte + nullable: true + cloudProviderCAData: + description: cloudProvider specifies the cloud provider CA data + type: string + format: byte + nullable: true + cloudProviderConfig: + description: cloudProviderConfig is the configuration for the given + cloud provider + type: string + clusterDNSIP: + description: clusterDNSIP is the cluster DNS IP address + type: string + dns: + description: dns holds the cluster dns details + type: object + nullable: true + required: + - spec + properties: + spec: + description: spec holds user settable values for configuration + type: object + properties: + baseDomain: + description: baseDomain is the base domain of the cluster. All + managed DNS records will be sub-domains of this base. + type: string + publicZone: + description: publicZone is the location where all the DNS records + that are publicly accessible to the internet exist. + type: object + properties: + id: + description: id is the identifier that can be used to find + the DNS hosted zone. 
+ type: string + tags: + additionalProperties: type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the - DNS operator, `NodeDNSIP` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for vSphere deployments. In order to minimize necessary - changes to the datacenter DNS, a DNS service is hosted - as a static pod to serve those hostnames to the nodes - in the cluster. + description: tags can be used to query the DNS hosted zone. + type: object + privateZone: + description: privateZone is the location where all the DNS records + that are only available internally to the cluster exist. + type: object + properties: + id: + description: id is the identifier that can be used to find + the DNS hosted zone. + type: string + tags: + additionalProperties: type: string - nullable: true - ipFamilies: - description: ipFamilies indicates the IP families in use by the cluster - network - type: string - kubeAPIServerServingCAData: - description: kubeAPIServerServingCAData managed Kubelet to API Server - Cert... Rotated automatically - type: string - format: byte - networkType: - description: networkType holds the type of network the cluster is using - type: string - osImageURL: - description: osImageURL is the location of the container image that - contains the OS update payload. Its value is taken from the data.osImageURL - field on the machine-config-osimageurl ConfigMap. - type: string - platform: - description: platform is deprecated. Use infra.status.platformStatus.type instead - type: string - proxy: - description: proxy holds the current proxy configuration for the nodes - type: object - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. 
- type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or - CIDRs for which the proxy should not be used. - type: string - nullable: true - pullSecret: - description: pullSecret is the default pull secret that needs to be - installed on all machines. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an - entire object, this string should contain a valid JSON/Go field - access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen only - to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change - in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: tags can be used to query the DNS hosted zone. + type: object + status: + description: status holds observed values from the cluster. They + may not be overridden. + type: object + etcdDiscoveryDomain: + description: etcdDiscoveryDomain is deprecated, use infra.status.etcdDiscoveryDomain + instead + type: string + images: + description: images is map of images that are used by the controller + to render templates under ./templates/ + type: object + additionalProperties: type: string - rootCAData: - description: rootCAData specifies the root CA data - type: string - format: byte - status: - description: ControllerConfigStatus is the status for ControllerConfig - type: object - properties: - conditions: - description: conditions represents the latest available observations - of current state. - type: array - items: - description: ControllerConfigStatusCondition contains condition information - for ControllerConfigStatus + infra: + description: infra holds the infrastructure details type: object + required: + - spec properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status object. - type: string - format: date-time - nullable: true - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string - reason: - description: reason is the reason for the condition's last transition. 
Reasons - are PascalCase + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + cloudConfig: + description: cloudConfig is a reference to a ConfigMap containing + the cloud provider configuration file. This configuration + file is used to configure the Kubernetes cloud provider integration + when using the built-in cloud provider integration or the + external cloud controller manager. The namespace for this + config map is openshift-config. + type: object + properties: + key: + description: Key allows pointing to a specific key/value + inside of the configmap. This is useful for logical file + references. + type: string + name: + type: string status: - description: status of the condition, one of True, False, Unknown. + description: status holds observed values from the cluster. They + may not be overridden. + type: object + properties: + apiServerInternalURI: + description: apiServerInternalURL is a valid URI with scheme(http/https), + address and port. apiServerInternalURL can be used by components + like kubelets, to contact the Kubernetes API server using + the infrastructure provider rather than Kubernetes networking. + type: string + apiServerURL: + description: apiServerURL is a valid URI with scheme(http/https), + address and port. apiServerURL can be used by components + like the web console to tell users where to find the Kubernetes + API. + type: string + controlPlaneTopology: + description: controlPlaneTopology expresses the expectations + for operands that normally run on control nodes. 
The default + is HighlyAvailable, which represents the behavior operators + have in a normal cluster. The SingleReplica mode will be used + in single-node deployments and the operators should not configure + the operand for highly-available operation. + type: string + etcdDiscoveryDomain: + description: 'etcdDiscoveryDomain is the domain used to fetch + the SRV records for discovering etcd servers and clients. + For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery' + type: string + infrastructureName: + description: infrastructureName uniquely identifies a cluster + with a human friendly name. Once set it should not be changed. + Must be of max length 27 and must have only alphanumeric or + hyphen characters. + type: string + platform: + description: "platform is the underlying infrastructure provider + for the cluster. \n Deprecated: Use platformStatus.type instead." + type: string + platformStatus: + description: platformStatus holds status information specific + to the underlying infrastructure provider. + type: object + properties: + aws: + description: AWS contains settings specific to the Amazon + Web Services infrastructure provider. + type: object + properties: + region: + description: region holds the default AWS region for + new AWS resources created by the cluster. + type: string + azure: + description: Azure contains settings specific to the Azure + infrastructure provider. + type: object + properties: + networkResourceGroupName: + description: networkResourceGroupName is the Resource + Group for network resources like the Virtual Network + and Subnets used by the cluster. If empty, the value + is same as ResourceGroupName. + type: string + resourceGroupName: + description: resourceGroupName is the Resource Group + for new Azure resources created for the cluster. 
+ type: string + baremetal: + description: BareMetal contains settings specific to the + BareMetal platform. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to + contact the Kubernetes API server that can be used + by components inside the cluster, like kubelets using + the infrastructure rather than Kubernetes networking. + It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve default + route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the + DNS operator, `NodeDNSIP` provides name resolution + for the nodes themselves. There is no DNS-as-a-service + for BareMetal deployments. In order to minimize necessary + changes to the datacenter DNS, a DNS service is hosted + as a static pod to serve those hostnames to the nodes + in the cluster. + type: string + gcp: + description: GCP contains settings specific to the Google + Cloud Platform infrastructure provider. + type: object + properties: + projectID: + description: resourceGroupName is the Project ID for + new GCP resources created for the cluster. + type: string + region: + description: region holds the region for new GCP resources + created for the cluster. + type: string + openstack: + description: OpenStack contains settings specific to the + OpenStack infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to + contact the Kubernetes API server that can be used + by components inside the cluster, like kubelets using + the infrastructure rather than Kubernetes networking. 
+ It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. + type: string + cloudName: + description: cloudName is the name of the desired OpenStack + cloud in the client configuration file (`clouds.yaml`). + type: string + ingressIP: + description: ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve default + route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the + DNS operator, `NodeDNSIP` provides name resolution + for the nodes themselves. There is no DNS-as-a-service + for OpenStack deployments. In order to minimize necessary + changes to the datacenter DNS, a DNS service is hosted + as a static pod to serve those hostnames to the nodes + in the cluster. + type: string + ovirt: + description: Ovirt contains settings specific to the oVirt + infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to + contact the Kubernetes API server that can be used + by components inside the cluster, like kubelets using + the infrastructure rather than Kubernetes networking. + It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve default + route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the + DNS operator, `NodeDNSIP` provides name resolution + for the nodes themselves. 
There is no DNS-as-a-service + for oVirt deployments. In order to minimize necessary + changes to the datacenter DNS, a DNS service is hosted + as a static pod to serve those hostnames to the nodes + in the cluster. + type: string + kubevirt: + description: OpenShift contains settings specific to the + kubevirt infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to + contact the Kubernetes API server that can be used + by components inside the cluster, like kubelets using + the infrastructure rather than Kubernetes networking. + It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve default + route host names. + type: string + type: + description: type is the underlying infrastructure provider + for the cluster. This value controls whether infrastructure + automation such as service load balancers, dynamic volume + provisioning, machine creation and deletion, and other + integrations are enabled. If None, no infrastructure automation + is enabled. Allowed values are "AWS", "Azure", "BareMetal", + "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt" + and "None". Individual components may not support all + platforms, and must handle unrecognized platforms as None + if they do not support that platform. + type: string + vsphere: + description: VSphere contains settings specific to the VSphere + infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to + contact the Kubernetes API server that can be used + by components inside the cluster, like kubelets using + the infrastructure rather than Kubernetes networking. 
+ It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve default + route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the + DNS operator, `NodeDNSIP` provides name resolution + for the nodes themselves. There is no DNS-as-a-service + for vSphere deployments. In order to minimize necessary + changes to the datacenter DNS, a DNS service is hosted + as a static pod to serve those hostnames to the nodes + in the cluster. + type: string + nullable: true + ipFamilies: + description: ipFamilies indicates the IP families in use by the cluster + network + type: string + kubeAPIServerServingCAData: + description: kubeAPIServerServingCAData managed Kubelet to API Server + Cert... Rotated automatically + type: string + format: byte + networkType: + description: networkType holds the type of network the cluster is using + type: string + osImageURL: + description: osImageURL is the location of the container image that + contains the OS update payload. Its value is taken from the data.osImageURL + field on the machine-config-osimageurl ConfigMap. + type: string + platform: + description: platform is deprecated. Use infra.status.platformStatus.type + instead + type: string + proxy: + description: proxy holds the current proxy configuration for the nodes + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. 
+ type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or + CIDRs for which the proxy should not be used. + type: string + nullable: true + pullSecret: + description: pullSecret is the default pull secret that needs to be + installed on all machines. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an + entire object, this string should contain a valid JSON/Go field + access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change + in the future.' type: string - type: - description: type specifies the state of the operator's reconciliation - functionality. + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - observedGeneration: - description: observedGeneration represents the generation observed by - the controller. - type: integer - format: int64 + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + rootCAData: + description: rootCAData specifies the root CA data + type: string + format: byte + status: + description: ControllerConfigStatus is the status for ControllerConfig + type: object + properties: + conditions: + description: conditions represents the latest available observations + of current state. + type: array + items: + description: ControllerConfigStatusCondition contains condition information + for ControllerConfigStatus + type: object + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + type: string + format: date-time + nullable: true + message: + description: message provides additional information about the + current condition. This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are PascalCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + observedGeneration: + description: observedGeneration represents the generation observed by + the controller. + type: integer + format: int64 diff --git a/pkg/operator/assets/bindata.go b/pkg/operator/assets/bindata.go index cfbd77765d..18c2e5c68b 100644 --- a/pkg/operator/assets/bindata.go +++ b/pkg/operator/assets/bindata.go 
@@ -168,7 +168,7 @@ func manifestsBootstrapPodV2Yaml() (*asset, error) { return a, nil } -var _manifestsControllerconfigCrdYaml = []byte(`apiVersion: apiextensions.k8s.io/v1beta1 +var _manifestsControllerconfigCrdYaml = []byte(`apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: # name must match the spec fields below, and be in the form: . @@ -178,18 +178,8 @@ metadata: spec: # group name to use for REST API: /apis// group: machineconfiguration.openshift.io - # list of versions supported by this CustomResourceDefinition - versions: - - name: v1 - # Each version can be enabled/disabled by Served flag. - served: true - # One and only one version must be marked as the storage version. - storage: true # either Namespaced or Cluster scope: Cluster - preserveUnknownFields: false - subresources: - status: {} names: # plural name to be used in the URL: /apis/// plural: controllerconfigs 
@@ -197,491 +187,508 @@ spec: singular: controllerconfig # kind is normally the PascalCased singular type. Your resource manifests use this. kind: ControllerConfig - "validation": - "openAPIV3Schema": - description: ControllerConfig describes configuration for MachineConfigController. - This is currently only used to drive the MachineConfig objects generated by - the TemplateController. - type: object - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: ControllerConfigSpec is the spec for ControllerConfig resource. - type: object - properties: - additionalTrustBundle: - description: additionalTrustBundle is a certificate bundle that will - be added to the nodes trusted certificate store. 
- type: string - format: byte - nullable: true - cloudProviderCAData: - description: cloudProvider specifies the cloud provider CA data - type: string - format: byte - nullable: true - cloudProviderConfig: - description: cloudProviderConfig is the configuration for the given - cloud provider - type: string - clusterDNSIP: - description: clusterDNSIP is the cluster DNS IP address - type: string - dns: - description: dns holds the cluster dns details - type: object - nullable: true - required: - - spec - properties: - spec: - description: spec holds user settable values for configuration - type: object - properties: - baseDomain: - description: baseDomain is the base domain of the cluster. All managed DNS records will be sub-domains of this base. - type: string - publicZone: - description: publicZone is the location where all the DNS records that are publicly accessible to the internet exist. - type: object - properties: - id: - description: id is the identifier that can be used to find the DNS hosted zone. - type: string - tags: - additionalProperties: - type: string - description: tags can be used to query the DNS hosted zone. - type: object - privateZone: - description: privateZone is the location where all the DNS records that are only available internally to the cluster exist. - type: object - properties: - id: - description: id is the identifier that can be used to find the DNS hosted zone. - type: string - tags: - additionalProperties: - type: string - description: tags can be used to query the DNS hosted zone. - type: object - status: - description: status holds observed values from the cluster. They may not be overridden. 
- type: object - etcdDiscoveryDomain: - description: etcdDiscoveryDomain is deprecated, use infra.status.etcdDiscoveryDomain instead - type: string - images: - description: images is map of images that are used by the controller - to render templates under ./templates/ - type: object - additionalProperties: + # list of versions supported by this CustomResourceDefinition + versions: + - name: v1 + # Each version can be enabled/disabled by Served flag. + served: true + # One and only one version must be marked as the storage version. + storage: true + subresources: + status: {} + schema: + openAPIV3Schema: + description: ControllerConfig describes configuration for MachineConfigController. + This is currently only used to drive the MachineConfig objects generated by + the TemplateController. + type: object + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ControllerConfigSpec is the spec for ControllerConfig resource. + type: object + properties: + additionalTrustBundle: + description: additionalTrustBundle is a certificate bundle that will + be added to the nodes trusted certificate store. 
type: string - infra: - description: infra holds the infrastructure details - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the - latest internal value, and may reject unrecognized values. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - cloudConfig: - description: cloudConfig is a reference to a ConfigMap containing - the cloud provider configuration file. This configuration - file is used to configure the Kubernetes cloud provider integration - when using the built-in cloud provider integration or the - external cloud controller manager. The namespace for this - config map is openshift-config. - type: object - properties: - key: - description: Key allows pointing to a specific key/value - inside of the configmap. This is useful for logical file - references. - type: string - name: - type: string - status: - description: status holds observed values from the cluster. They - may not be overridden. - type: object - properties: - apiServerInternalURI: - description: apiServerInternalURL is a valid URI with scheme(http/https), - address and port. apiServerInternalURL can be used by components - like kubelets, to contact the Kubernetes API server using - the infrastructure provider rather than Kubernetes networking. 
- type: string - apiServerURL: - description: apiServerURL is a valid URI with scheme(http/https), - address and port. apiServerURL can be used by components - like the web console to tell users where to find the Kubernetes - API. - type: string - controlPlaneTopology: - description: controlPlaneTopology expresses the expectations for - operands that normally run on control nodes. The default is - HighlyAvailable, which represents the behavior operators have - in a normal cluster. The SingleReplica mode will be used in - single-node deployments and the operators should not configure - the operand for highly-available operation. - type: string - etcdDiscoveryDomain: - description: 'etcdDiscoveryDomain is the domain used to fetch - the SRV records for discovering etcd servers and clients. - For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery' - type: string - infrastructureName: - description: infrastructureName uniquely identifies a cluster - with a human friendly name. Once set it should not be changed. - Must be of max length 27 and must have only alphanumeric or - hyphen characters. - type: string - platform: - description: "platform is the underlying infrastructure provider - for the cluster. \n Deprecated: Use platformStatus.type instead." - type: string - platformStatus: - description: platformStatus holds status information specific - to the underlying infrastructure provider. - type: object - properties: - aws: - description: AWS contains settings specific to the Amazon - Web Services infrastructure provider. - type: object - properties: - region: - description: region holds the default AWS region for - new AWS resources created by the cluster. - type: string - azure: - description: Azure contains settings specific to the Azure - infrastructure provider. 
- type: object - properties: - networkResourceGroupName: - description: networkResourceGroupName is the Resource - Group for network resources like the Virtual Network - and Subnets used by the cluster. If empty, the value - is same as ResourceGroupName. - type: string - resourceGroupName: - description: resourceGroupName is the Resource Group - for new Azure resources created for the cluster. - type: string - baremetal: - description: BareMetal contains settings specific to the - BareMetal platform. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to - contact the Kubernetes API server that can be used - by components inside the cluster, like kubelets using - the infrastructure rather than Kubernetes networking. - It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve default - route host names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the - DNS operator, `+"`"+`NodeDNSIP`+"`"+` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for BareMetal deployments. In order to minimize necessary - changes to the datacenter DNS, a DNS service is hosted - as a static pod to serve those hostnames to the nodes - in the cluster. - type: string - gcp: - description: GCP contains settings specific to the Google - Cloud Platform infrastructure provider. - type: object - properties: - projectID: - description: resourceGroupName is the Project ID for - new GCP resources created for the cluster. - type: string - region: - description: region holds the region for new GCP resources - created for the cluster. 
- type: string - openstack: - description: OpenStack contains settings specific to the - OpenStack infrastructure provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to - contact the Kubernetes API server that can be used - by components inside the cluster, like kubelets using - the infrastructure rather than Kubernetes networking. - It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. - type: string - cloudName: - description: cloudName is the name of the desired OpenStack - cloud in the client configuration file (`+"`"+`clouds.yaml`+"`"+`). - type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve default - route host names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the - DNS operator, `+"`"+`NodeDNSIP`+"`"+` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for OpenStack deployments. In order to minimize necessary - changes to the datacenter DNS, a DNS service is hosted - as a static pod to serve those hostnames to the nodes - in the cluster. - type: string - ovirt: - description: Ovirt contains settings specific to the oVirt - infrastructure provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to - contact the Kubernetes API server that can be used - by components inside the cluster, like kubelets using - the infrastructure rather than Kubernetes networking. - It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. 
- type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve default - route host names. - type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the - DNS operator, `+"`"+`NodeDNSIP`+"`"+` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for oVirt deployments. In order to minimize necessary - changes to the datacenter DNS, a DNS service is hosted - as a static pod to serve those hostnames to the nodes - in the cluster. - type: string - kubevirt: - description: OpenShift contains settings specific to the - kubevirt infrastructure provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to - contact the Kubernetes API server that can be used - by components inside the cluster, like kubelets using - the infrastructure rather than Kubernetes networking. - It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve default - route host names. - type: string - type: - description: type is the underlying infrastructure provider - for the cluster. This value controls whether infrastructure - automation such as service load balancers, dynamic volume - provisioning, machine creation and deletion, and other - integrations are enabled. If None, no infrastructure automation - is enabled. Allowed values are "AWS", "Azure", "BareMetal", - "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt" and - "None". 
Individual components may not support all platforms, - and must handle unrecognized platforms as None if they - do not support that platform. - type: string - vsphere: - description: VSphere contains settings specific to the VSphere - infrastructure provider. - type: object - properties: - apiServerInternalIP: - description: apiServerInternalIP is an IP address to - contact the Kubernetes API server that can be used - by components inside the cluster, like kubelets using - the infrastructure rather than Kubernetes networking. - It is the IP that the Infrastructure.status.apiServerInternalURI - points to. It is the IP for a self-hosted load balancer - in front of the API servers. - type: string - ingressIP: - description: ingressIP is an external IP which routes - to the default ingress controller. The IP is a suitable - target of a wildcard DNS record used to resolve default - route host names. + format: byte + nullable: true + cloudProviderCAData: + description: cloudProvider specifies the cloud provider CA data + type: string + format: byte + nullable: true + cloudProviderConfig: + description: cloudProviderConfig is the configuration for the given + cloud provider + type: string + clusterDNSIP: + description: clusterDNSIP is the cluster DNS IP address + type: string + dns: + description: dns holds the cluster dns details + type: object + nullable: true + required: + - spec + properties: + spec: + description: spec holds user settable values for configuration + type: object + properties: + baseDomain: + description: baseDomain is the base domain of the cluster. All + managed DNS records will be sub-domains of this base. + type: string + publicZone: + description: publicZone is the location where all the DNS records + that are publicly accessible to the internet exist. + type: object + properties: + id: + description: id is the identifier that can be used to find + the DNS hosted zone. 
+ type: string + tags: + additionalProperties: type: string - nodeDNSIP: - description: nodeDNSIP is the IP address for the internal - DNS used by the nodes. Unlike the one managed by the - DNS operator, `+"`"+`NodeDNSIP`+"`"+` provides name resolution - for the nodes themselves. There is no DNS-as-a-service - for vSphere deployments. In order to minimize necessary - changes to the datacenter DNS, a DNS service is hosted - as a static pod to serve those hostnames to the nodes - in the cluster. + description: tags can be used to query the DNS hosted zone. + type: object + privateZone: + description: privateZone is the location where all the DNS records + that are only available internally to the cluster exist. + type: object + properties: + id: + description: id is the identifier that can be used to find + the DNS hosted zone. + type: string + tags: + additionalProperties: type: string - nullable: true - ipFamilies: - description: ipFamilies indicates the IP families in use by the cluster - network - type: string - kubeAPIServerServingCAData: - description: kubeAPIServerServingCAData managed Kubelet to API Server - Cert... Rotated automatically - type: string - format: byte - networkType: - description: networkType holds the type of network the cluster is using - type: string - osImageURL: - description: osImageURL is the location of the container image that - contains the OS update payload. Its value is taken from the data.osImageURL - field on the machine-config-osimageurl ConfigMap. - type: string - platform: - description: platform is deprecated. Use infra.status.platformStatus.type instead - type: string - proxy: - description: proxy holds the current proxy configuration for the nodes - type: object - properties: - httpProxy: - description: httpProxy is the URL of the proxy for HTTP requests. - type: string - httpsProxy: - description: httpsProxy is the URL of the proxy for HTTPS requests. 
- type: string - noProxy: - description: noProxy is a comma-separated list of hostnames and/or - CIDRs for which the proxy should not be used. - type: string - nullable: true - pullSecret: - description: pullSecret is the default pull secret that needs to be - installed on all machines. - type: object - properties: - apiVersion: - description: API version of the referent. - type: string - fieldPath: - description: 'If referring to a piece of an object instead of an - entire object, this string should contain a valid JSON/Go field - access statement, such as desiredState.manifest.containers[2]. - For example, if the object reference is to a container within - a pod, this would take on a value like: "spec.containers{name}" - (where "name" refers to the name of the container that triggered - the event) or if no container name is specified "spec.containers[2]" - (container with index 2 in this pod). This syntax is chosen only - to have some well-defined way of referencing a part of an object. - TODO: this design is not final and this field is subject to change - in the future.' - type: string - kind: - description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - name: - description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' - type: string - namespace: - description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' - type: string - resourceVersion: - description: 'Specific resourceVersion to which this reference is - made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' - type: string - uid: - description: 'UID of the referent. 
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + description: tags can be used to query the DNS hosted zone. + type: object + status: + description: status holds observed values from the cluster. They + may not be overridden. + type: object + etcdDiscoveryDomain: + description: etcdDiscoveryDomain is deprecated, use infra.status.etcdDiscoveryDomain + instead + type: string + images: + description: images is map of images that are used by the controller + to render templates under ./templates/ + type: object + additionalProperties: type: string - rootCAData: - description: rootCAData specifies the root CA data - type: string - format: byte - status: - description: ControllerConfigStatus is the status for ControllerConfig - type: object - properties: - conditions: - description: conditions represents the latest available observations - of current state. - type: array - items: - description: ControllerConfigStatusCondition contains condition information - for ControllerConfigStatus + infra: + description: infra holds the infrastructure details type: object + required: + - spec properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status object. - type: string - format: date-time - nullable: true - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the + latest internal value, and may reject unrecognized values. More + info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string - reason: - description: reason is the reason for the condition's last transition. 
Reasons - are PascalCase + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + cloudConfig: + description: cloudConfig is a reference to a ConfigMap containing + the cloud provider configuration file. This configuration + file is used to configure the Kubernetes cloud provider integration + when using the built-in cloud provider integration or the + external cloud controller manager. The namespace for this + config map is openshift-config. + type: object + properties: + key: + description: Key allows pointing to a specific key/value + inside of the configmap. This is useful for logical file + references. + type: string + name: + type: string status: - description: status of the condition, one of True, False, Unknown. + description: status holds observed values from the cluster. They + may not be overridden. + type: object + properties: + apiServerInternalURI: + description: apiServerInternalURL is a valid URI with scheme(http/https), + address and port. apiServerInternalURL can be used by components + like kubelets, to contact the Kubernetes API server using + the infrastructure provider rather than Kubernetes networking. + type: string + apiServerURL: + description: apiServerURL is a valid URI with scheme(http/https), + address and port. apiServerURL can be used by components + like the web console to tell users where to find the Kubernetes + API. + type: string + controlPlaneTopology: + description: controlPlaneTopology expresses the expectations + for operands that normally run on control nodes. 
The default + is HighlyAvailable, which represents the behavior operators + have in a normal cluster. The SingleReplica mode will be used + in single-node deployments and the operators should not configure + the operand for highly-available operation. + type: string + etcdDiscoveryDomain: + description: 'etcdDiscoveryDomain is the domain used to fetch + the SRV records for discovering etcd servers and clients. + For more info: https://github.com/etcd-io/etcd/blob/329be66e8b3f9e2e6af83c123ff89297e49ebd15/Documentation/op-guide/clustering.md#dns-discovery' + type: string + infrastructureName: + description: infrastructureName uniquely identifies a cluster + with a human friendly name. Once set it should not be changed. + Must be of max length 27 and must have only alphanumeric or + hyphen characters. + type: string + platform: + description: "platform is the underlying infrastructure provider + for the cluster. \n Deprecated: Use platformStatus.type instead." + type: string + platformStatus: + description: platformStatus holds status information specific + to the underlying infrastructure provider. + type: object + properties: + aws: + description: AWS contains settings specific to the Amazon + Web Services infrastructure provider. + type: object + properties: + region: + description: region holds the default AWS region for + new AWS resources created by the cluster. + type: string + azure: + description: Azure contains settings specific to the Azure + infrastructure provider. + type: object + properties: + networkResourceGroupName: + description: networkResourceGroupName is the Resource + Group for network resources like the Virtual Network + and Subnets used by the cluster. If empty, the value + is same as ResourceGroupName. + type: string + resourceGroupName: + description: resourceGroupName is the Resource Group + for new Azure resources created for the cluster. 
+ type: string + baremetal: + description: BareMetal contains settings specific to the + BareMetal platform. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to + contact the Kubernetes API server that can be used + by components inside the cluster, like kubelets using + the infrastructure rather than Kubernetes networking. + It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve default + route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the + DNS operator, `+"`"+`NodeDNSIP`+"`"+` provides name resolution + for the nodes themselves. There is no DNS-as-a-service + for BareMetal deployments. In order to minimize necessary + changes to the datacenter DNS, a DNS service is hosted + as a static pod to serve those hostnames to the nodes + in the cluster. + type: string + gcp: + description: GCP contains settings specific to the Google + Cloud Platform infrastructure provider. + type: object + properties: + projectID: + description: resourceGroupName is the Project ID for + new GCP resources created for the cluster. + type: string + region: + description: region holds the region for new GCP resources + created for the cluster. + type: string + openstack: + description: OpenStack contains settings specific to the + OpenStack infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to + contact the Kubernetes API server that can be used + by components inside the cluster, like kubelets using + the infrastructure rather than Kubernetes networking. 
+ It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. + type: string + cloudName: + description: cloudName is the name of the desired OpenStack + cloud in the client configuration file (`+"`"+`clouds.yaml`+"`"+`). + type: string + ingressIP: + description: ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve default + route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the + DNS operator, `+"`"+`NodeDNSIP`+"`"+` provides name resolution + for the nodes themselves. There is no DNS-as-a-service + for OpenStack deployments. In order to minimize necessary + changes to the datacenter DNS, a DNS service is hosted + as a static pod to serve those hostnames to the nodes + in the cluster. + type: string + ovirt: + description: Ovirt contains settings specific to the oVirt + infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to + contact the Kubernetes API server that can be used + by components inside the cluster, like kubelets using + the infrastructure rather than Kubernetes networking. + It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve default + route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the + DNS operator, `+"`"+`NodeDNSIP`+"`"+` provides name resolution + for the nodes themselves. 
There is no DNS-as-a-service + for oVirt deployments. In order to minimize necessary + changes to the datacenter DNS, a DNS service is hosted + as a static pod to serve those hostnames to the nodes + in the cluster. + type: string + kubevirt: + description: OpenShift contains settings specific to the + kubevirt infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to + contact the Kubernetes API server that can be used + by components inside the cluster, like kubelets using + the infrastructure rather than Kubernetes networking. + It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve default + route host names. + type: string + type: + description: type is the underlying infrastructure provider + for the cluster. This value controls whether infrastructure + automation such as service load balancers, dynamic volume + provisioning, machine creation and deletion, and other + integrations are enabled. If None, no infrastructure automation + is enabled. Allowed values are "AWS", "Azure", "BareMetal", + "GCP", "Libvirt", "OpenStack", "VSphere", "oVirt", "KubeVirt" + and "None". Individual components may not support all + platforms, and must handle unrecognized platforms as None + if they do not support that platform. + type: string + vsphere: + description: VSphere contains settings specific to the VSphere + infrastructure provider. + type: object + properties: + apiServerInternalIP: + description: apiServerInternalIP is an IP address to + contact the Kubernetes API server that can be used + by components inside the cluster, like kubelets using + the infrastructure rather than Kubernetes networking. 
+ It is the IP that the Infrastructure.status.apiServerInternalURI + points to. It is the IP for a self-hosted load balancer + in front of the API servers. + type: string + ingressIP: + description: ingressIP is an external IP which routes + to the default ingress controller. The IP is a suitable + target of a wildcard DNS record used to resolve default + route host names. + type: string + nodeDNSIP: + description: nodeDNSIP is the IP address for the internal + DNS used by the nodes. Unlike the one managed by the + DNS operator, `+"`"+`NodeDNSIP`+"`"+` provides name resolution + for the nodes themselves. There is no DNS-as-a-service + for vSphere deployments. In order to minimize necessary + changes to the datacenter DNS, a DNS service is hosted + as a static pod to serve those hostnames to the nodes + in the cluster. + type: string + nullable: true + ipFamilies: + description: ipFamilies indicates the IP families in use by the cluster + network + type: string + kubeAPIServerServingCAData: + description: kubeAPIServerServingCAData managed Kubelet to API Server + Cert... Rotated automatically + type: string + format: byte + networkType: + description: networkType holds the type of network the cluster is using + type: string + osImageURL: + description: osImageURL is the location of the container image that + contains the OS update payload. Its value is taken from the data.osImageURL + field on the machine-config-osimageurl ConfigMap. + type: string + platform: + description: platform is deprecated. Use infra.status.platformStatus.type + instead + type: string + proxy: + description: proxy holds the current proxy configuration for the nodes + type: object + properties: + httpProxy: + description: httpProxy is the URL of the proxy for HTTP requests. + type: string + httpsProxy: + description: httpsProxy is the URL of the proxy for HTTPS requests. 
+ type: string + noProxy: + description: noProxy is a comma-separated list of hostnames and/or + CIDRs for which the proxy should not be used. + type: string + nullable: true + pullSecret: + description: pullSecret is the default pull secret that needs to be + installed on all machines. + type: object + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of an + entire object, this string should contain a valid JSON/Go field + access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen only + to have some well-defined way of referencing a part of an object. + TODO: this design is not final and this field is subject to change + in the future.' type: string - type: - description: type specifies the state of the operator's reconciliation - functionality. + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string - observedGeneration: - description: observedGeneration represents the generation observed by - the controller. - type: integer - format: int64 + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference is + made, if any. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + rootCAData: + description: rootCAData specifies the root CA data + type: string + format: byte + status: + description: ControllerConfigStatus is the status for ControllerConfig + type: object + properties: + conditions: + description: conditions represents the latest available observations + of current state. + type: array + items: + description: ControllerConfigStatusCondition contains condition information + for ControllerConfigStatus + type: object + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status object. + type: string + format: date-time + nullable: true + message: + description: message provides additional information about the + current condition. This is only to be consumed by humans. + type: string + reason: + description: reason is the reason for the condition's last transition. Reasons + are PascalCase + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the state of the operator's reconciliation + functionality. + type: string + observedGeneration: + description: observedGeneration represents the generation observed by + the controller. + type: integer + format: int64 `) func manifestsControllerconfigCrdYamlBytes() ([]byte, error) { diff --git a/pkg/operator/operator.go b/pkg/operator/operator.go index ca8c4c9335..6887e34f35 100644 --- a/pkg/operator/operator.go +++ b/pkg/operator/operator.go 
@@ -11,8 +11,8 @@ import ( configclientset "github.com/openshift/client-go/config/clientset/versioned" corev1 "k8s.io/api/core/v1" apiextclientset "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset" - apiextinformersv1beta1 "k8s.io/apiextensions-apiserver/pkg/client/informers/externalversions/apiextensions/v1beta1" - apiextlistersv1beta1 "k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1beta1" + apiextinformersv1 "k8s.io/apiextensions-apiserver/pkg/client/informers/externalversions/apiextensions/v1" + apiextlistersv1 "k8s.io/apiextensions-apiserver/pkg/client/listers/apiextensions/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" utilruntime "k8s.io/apimachinery/pkg/util/runtime" @@ -69,7 +69,7 @@ type Operator struct { syncHandler func(ic string) error - crdLister apiextlistersv1beta1.CustomResourceDefinitionLister + crdLister apiextlistersv1.CustomResourceDefinitionLister mcpLister mcfglistersv1.MachineConfigPoolLister ccLister mcfglistersv1.ControllerConfigLister mcLister mcfglistersv1.MachineConfigLister @@ -115,7 +115,7 @@ func New( mcInformer mcfginformersv1.MachineConfigInformer, controllerConfigInformer mcfginformersv1.ControllerConfigInformer, serviceAccountInfomer coreinformersv1.ServiceAccountInformer, - crdInformer apiextinformersv1beta1.CustomResourceDefinitionInformer, + crdInformer apiextinformersv1.CustomResourceDefinitionInformer, deployInformer appsinformersv1.DeploymentInformer, daemonsetInformer appsinformersv1.DaemonSetInformer, clusterRoleInformer rbacinformersv1.ClusterRoleInformer, 
@@ -211,7 +211,7 @@ func (optr *Operator) Run(workers int, stopCh <-chan struct{}) { defer utilruntime.HandleCrash() defer optr.queue.ShutDown() - apiClient := optr.apiExtClient.ApiextensionsV1beta1() + apiClient := optr.apiExtClient.ApiextensionsV1() _, err := apiClient.CustomResourceDefinitions().Get(context.TODO(), "controllerconfigs.machineconfiguration.openshift.io", metav1.GetOptions{}) if err != nil { if apierrors.IsNotFound(err) { diff --git a/pkg/operator/sync.go b/pkg/operator/sync.go index fa92658d42..348552f8a4 100644 --- a/pkg/operator/sync.go +++ b/pkg/operator/sync.go @@ -16,7 +16,7 @@ import ( appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" - apiextv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" + apiextv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" @@ -290,8 +290,8 @@ func (optr *Operator) syncCustomResourceDefinitions() error { if err != nil { return fmt.Errorf("error getting asset %s: %v", crd, err) } - c := resourceread.ReadCustomResourceDefinitionV1Beta1OrDie(crdBytes) - _, updated, err := resourceapply.ApplyCustomResourceDefinition(optr.apiExtClient.ApiextensionsV1beta1(), c) + c := resourceread.ReadCustomResourceDefinitionV1OrDie(crdBytes) + _, updated, err := resourceapply.ApplyCustomResourceDefinition(optr.apiExtClient.ApiextensionsV1(), c) if err != nil { return err } @@ -658,7 +658,7 @@ const ( controllerConfigCompletedTimeout = 5 * time.Minute ) -func (optr *Operator) waitForCustomResourceDefinition(resource *apiextv1beta1.CustomResourceDefinition) error { +func (optr *Operator) waitForCustomResourceDefinition(resource *apiextv1.CustomResourceDefinition) error { var lastErr error if err := wait.Poll(customResourceReadyInterval, customResourceReadyTimeout, func() (bool, error) { crd, err := optr.crdLister.Get(resource.Name) 
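Review bot: In the `syncCustomResourceDefinitions` hunk of pkg/operator/sync.go, `ReadCustomResourceDefinitionV1OrDie(crdBytes)` sits in a function that otherwise reports failures through its `error` return. Judging by the helper's name, a bundled manifest that does not decode as apiextensions.k8s.io/v1 would abort the operator rather than be returned to the caller. Since this commit also converts the embedded manifests, I would state the coupling above the call: `// crdBytes must be an apiextensions.k8s.io/v1 manifest; the OrDie reader does not return decode errors.` The apply failure just below is returned bare, unlike the asset error above it; `return fmt.Errorf("error applying CRD %s: %v", crd, err)` would name the CRD the API server rejected. The function starts and ends outside this hunk, so the loop that defines `crd` is not visible here.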
@@ -668,7 +668,7 @@ func (optr *Operator) waitForCustomResourceDefinition(resource *apiextv1beta1.Cu } for _, condition := range crd.Status.Conditions { - if condition.Type == apiextv1beta1.Established && condition.Status == apiextv1beta1.ConditionTrue { + if condition.Type == apiextv1.Established && condition.Status == apiextv1.ConditionTrue { return true, nil } } diff --git a/test/framework/clientset.go b/test/framework/clientset.go index 8a0975f24c..917b45bc47 100644 --- a/test/framework/clientset.go +++ b/test/framework/clientset.go @@ -6,7 +6,7 @@ import ( "github.com/golang/glog" clientconfigv1 "github.com/openshift/client-go/config/clientset/versioned/typed/config/v1" clientmachineconfigv1 "github.com/openshift/machine-config-operator/pkg/generated/clientset/versioned/typed/machineconfiguration.openshift.io/v1" - clientapiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1beta1" + clientapiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/client/clientset/clientset/typed/apiextensions/v1" appsv1client "k8s.io/client-go/kubernetes/typed/apps/v1" corev1client "k8s.io/client-go/kubernetes/typed/core/v1" "k8s.io/client-go/rest" @@ -18,7 +18,7 @@ type ClientSet struct { appsv1client.AppsV1Interface clientconfigv1.ConfigV1Interface clientmachineconfigv1.MachineconfigurationV1Interface - clientapiextensionsv1beta1.ApiextensionsV1beta1Interface + clientapiextensionsv1.ApiextensionsV1Interface } // NewClientSet returns a *ClientBuilder with the given kubeconfig. 
@@ -45,7 +45,7 @@ func NewClientSet(kubeconfig string) *ClientSet { clientSet.CoreV1Interface = corev1client.NewForConfigOrDie(config) clientSet.ConfigV1Interface = clientconfigv1.NewForConfigOrDie(config) clientSet.MachineconfigurationV1Interface = clientmachineconfigv1.NewForConfigOrDie(config) - clientSet.ApiextensionsV1beta1Interface = clientapiextensionsv1beta1.NewForConfigOrDie(config) + clientSet.ApiextensionsV1Interface = clientapiextensionsv1.NewForConfigOrDie(config) clientSet.AppsV1Interface = appsv1client.NewForConfigOrDie(config) return clientSet