From 1c62b6431aebafcf08e37d752cda2204f81dab22 Mon Sep 17 00:00:00 2001
From: Qi Wang
Date: Tue, 23 Jul 2024 12:02:36 -0400
Subject: [PATCH] OCPNODE-2438: bump API and update CRD manifests

Bump API to get the ClusterImagePolicy doc update
Run hack/crds-sync.sh to update the manifests

Signed-off-by: Qi Wang
---
 go.mod | 2 +-
 go.sum | 4 ++--
 ...usterimagepolicies-CustomNoUpgrade.crd.yaml | 16 ++++++++++------
 ...rimagepolicies-DevPreviewNoUpgrade.crd.yaml | 16 ++++++++++------
 ...imagepolicies-TechPreviewNoUpgrade.crd.yaml | 16 ++++++++++------
 ...0_machine-config_01_kubeletconfigs.crd.yaml | 1 +
 .../v1alpha1/types_cluster_image_policy.go | 2 +-
 .../api/config/v1alpha1/types_image_policy.go | 2 +-
 ...z_generated.featuregated-crd-manifests.yaml | 8 ++++----
 vendor/github.com/openshift/api/features.md | 3 +--
 .../openshift/api/features/features.go | 18 ++++++------------
 vendor/modules.txt | 2 +-
 12 files changed, 48 insertions(+), 42 deletions(-)

diff --git a/go.mod b/go.mod
index 0658546286..4a9cc542ec 100644
--- a/go.mod
+++ b/go.mod
@@ -29,7 +29,7 @@ require (
 github.com/google/renameio v0.1.0
 github.com/imdario/mergo v0.3.13
 github.com/opencontainers/go-digest v1.0.0
- github.com/openshift/api v0.0.0-20240715101244-b0adfa1f6357
+ github.com/openshift/api v0.0.0-20240722135205-ae4f370f361f
 github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87
 github.com/openshift/library-go v0.0.0-20240607134135-aed018c215a1
 github.com/openshift/runtime-utils v0.0.0-20230921210328-7bdb5b9c177b
diff --git a/go.sum b/go.sum
index 6c24efbe86..ef22f1d023 100644
--- a/go.sum
+++ b/go.sum
@@ -595,8 +595,8 @@ github.com/opencontainers/runc v1.1.12 h1:BOIssBaW1La0/qbNZHXOOa71dZfZEQOzW7dqQf github.com/opencontainers/runc v1.1.12/go.mod h1:S+lQwSfncpBha7XTy/5lBwWgm5+y5Ma/O44Ekby9FK8= github.com/opencontainers/runtime-spec v1.1.0 h1:HHUyrt9mwHUjtasSbXSMvs4cyFxh+Bll4AjJ9odEGpg= github.com/opencontainers/runtime-spec v1.1.0/go.mod h1:jwyrGlmzljRJv/Fgzds9SsS/C5hL+LL3ko9hs6T5lQ0= -github.com/openshift/api v0.0.0-20240715101244-b0adfa1f6357 h1:yp8QH1cSR7zynJlJMdluuD/QEGxY980uV1cooF2snio= -github.com/openshift/api v0.0.0-20240715101244-b0adfa1f6357/go.mod h1:OOh6Qopf21pSzqNVCB5gomomBXb8o5sGKZxG2KNpaXM= +github.com/openshift/api v0.0.0-20240722135205-ae4f370f361f h1:B+uJ4LmjO+qwMTZP2YhlpMziMPD4MD1++WdCAV2y+GI= +github.com/openshift/api v0.0.0-20240722135205-ae4f370f361f/go.mod h1:OOh6Qopf21pSzqNVCB5gomomBXb8o5sGKZxG2KNpaXM= github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87 h1:JtLhaGpSEconE+1IKmIgCOof/Len5ceG6H1pk43yv5U= github.com/openshift/client-go v0.0.0-20240528061634-b054aa794d87/go.mod h1:3IPD4U0qyovZS4EFady2kqY32m8lGcbs/Wx+yprg9z8= github.com/openshift/kube-openapi v0.0.0-20230816122517-ffc8f001abb0 h1:GPlAy197Jkr+D0T2FNWanamraTdzS/r9ZkT29lxvHaA= diff --git a/install/0000_10_config-operator_01_clusterimagepolicies-CustomNoUpgrade.crd.yaml b/install/0000_10_config-operator_01_clusterimagepolicies-CustomNoUpgrade.crd.yaml index 8eb9acab81..a4e578f164 100644 --- a/install/0000_10_config-operator_01_clusterimagepolicies-CustomNoUpgrade.crd.yaml +++ b/install/0000_10_config-operator_01_clusterimagepolicies-CustomNoUpgrade.crd.yaml 
@@ -282,12 +282,16 @@ spec: with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid - case, but example*.*.com is not. Please be aware that the scopes - should not be nested under the repositories of OpenShift Container - Platform images. If configured, the policies for OpenShift Container - Platform repositories will not be in effect. For additional details - about the format, please refer to the document explaining the docker - transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' + case, but example*.*.com is not. If multiple scopes match a given + image, only the policy requirements for the most specific scope + apply. The policy requirements for more general scopes are ignored. + In addition to setting a policy appropriate for your own deployed + applications, make sure that a policy on the OpenShift image repositories + quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev + (or on a more general scope) allows deployment of the OpenShift + images required for cluster operation. For additional details about + the format, please refer to the document explaining the docker transport + field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' items: maxLength: 512 type: string diff --git a/install/0000_10_config-operator_01_clusterimagepolicies-DevPreviewNoUpgrade.crd.yaml b/install/0000_10_config-operator_01_clusterimagepolicies-DevPreviewNoUpgrade.crd.yaml index 79c49e0580..9da0e07ee4 100644 --- a/install/0000_10_config-operator_01_clusterimagepolicies-DevPreviewNoUpgrade.crd.yaml +++ b/install/0000_10_config-operator_01_clusterimagepolicies-DevPreviewNoUpgrade.crd.yaml 
@@ -282,12 +282,16 @@ spec: with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid - case, but example*.*.com is not. Please be aware that the scopes - should not be nested under the repositories of OpenShift Container - Platform images. If configured, the policies for OpenShift Container - Platform repositories will not be in effect. For additional details - about the format, please refer to the document explaining the docker - transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' + case, but example*.*.com is not. If multiple scopes match a given + image, only the policy requirements for the most specific scope + apply. The policy requirements for more general scopes are ignored. + In addition to setting a policy appropriate for your own deployed + applications, make sure that a policy on the OpenShift image repositories + quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev + (or on a more general scope) allows deployment of the OpenShift + images required for cluster operation. For additional details about + the format, please refer to the document explaining the docker transport + field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' items: maxLength: 512 type: string diff --git a/install/0000_10_config-operator_01_clusterimagepolicies-TechPreviewNoUpgrade.crd.yaml b/install/0000_10_config-operator_01_clusterimagepolicies-TechPreviewNoUpgrade.crd.yaml index a7e17da5db..582f4a91fe 100644 --- a/install/0000_10_config-operator_01_clusterimagepolicies-TechPreviewNoUpgrade.crd.yaml +++ b/install/0000_10_config-operator_01_clusterimagepolicies-TechPreviewNoUpgrade.crd.yaml 
@@ -282,12 +282,16 @@ spec: with `*.`, for matching all subdomains (not including a port number). Wildcards are only supported for subdomain matching, and may not be used in the middle of the host, i.e. *.example.com is a valid - case, but example*.*.com is not. Please be aware that the scopes - should not be nested under the repositories of OpenShift Container - Platform images. If configured, the policies for OpenShift Container - Platform repositories will not be in effect. For additional details - about the format, please refer to the document explaining the docker - transport field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' + case, but example*.*.com is not. If multiple scopes match a given + image, only the policy requirements for the most specific scope + apply. The policy requirements for more general scopes are ignored. + In addition to setting a policy appropriate for your own deployed + applications, make sure that a policy on the OpenShift image repositories + quay.io/openshift-release-dev/ocp-release, quay.io/openshift-release-dev/ocp-v4.0-art-dev + (or on a more general scope) allows deployment of the OpenShift + images required for cluster operation. For additional details about + the format, please refer to the document explaining the docker transport + field, which can be found at: https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md#docker' items: maxLength: 512 type: string diff --git a/install/0000_80_machine-config_01_kubeletconfigs.crd.yaml b/install/0000_80_machine-config_01_kubeletconfigs.crd.yaml index 08958ed1ef..af1f8a680d 100644 --- a/install/0000_80_machine-config_01_kubeletconfigs.crd.yaml +++ b/install/0000_80_machine-config_01_kubeletconfigs.crd.yaml 
@@ -126,6 +126,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic minTLSVersion: description: "minTLSVersion is used to specify the minimal version of the TLS protocol that is negotiated during the diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go index 676065d5f8..e3670f03e8 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_cluster_image_policy.go @@ -14,7 +14,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1457 // +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 -// +openshift:enable:FeatureGate=ImagePolicy +// +openshift:enable:FeatureGate=SigstoreImageVerification // +openshift:compatibility-gen:level=4 type ClusterImagePolicy struct { metav1.TypeMeta `json:",inline"` diff --git a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go index 241837dbd9..7031110ff1 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go +++ b/vendor/github.com/openshift/api/config/v1alpha1/types_image_policy.go @@ -13,7 +13,7 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" // +kubebuilder:subresource:status // +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1457 // +openshift:file-pattern=cvoRunLevel=0000_10,operatorName=config-operator,operatorOrdering=01 -// +openshift:enable:FeatureGate=ImagePolicy +// +openshift:enable:FeatureGate=SigstoreImageVerification // +openshift:compatibility-gen:level=4 type ImagePolicy struct { metav1.TypeMeta `json:",inline"` 
diff --git a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index 9b5744d4a0..393365b41c 100644 --- a/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/vendor/github.com/openshift/api/config/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -28,7 +28,7 @@ clusterimagepolicies.config.openshift.io: Capability: "" Category: "" FeatureGates: - - ImagePolicy + - SigstoreImageVerification FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -41,7 +41,7 @@ clusterimagepolicies.config.openshift.io: Scope: Cluster ShortNames: null TopLevelFeatureGates: - - ImagePolicy + - SigstoreImageVerification Version: v1alpha1 imagepolicies.config.openshift.io: @@ -51,7 +51,7 @@ imagepolicies.config.openshift.io: Capability: "" Category: "" FeatureGates: - - ImagePolicy + - SigstoreImageVerification FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" @@ -64,7 +64,7 @@ imagepolicies.config.openshift.io: Scope: Namespaced ShortNames: null TopLevelFeatureGates: - - ImagePolicy + - SigstoreImageVerification Version: v1alpha1 insightsdatagathers.config.openshift.io: diff --git a/vendor/github.com/openshift/api/features.md b/vendor/github.com/openshift/api/features.md index a25a73f2ab..5cfb51e280 100644 --- a/vendor/github.com/openshift/api/features.md +++ b/vendor/github.com/openshift/api/features.md 
@@ -1,7 +1,6 @@ | FeatureGate | Default on Hypershift | Default on SelfManagedHA | DevPreviewNoUpgrade on Hypershift | DevPreviewNoUpgrade on SelfManagedHA | TechPreviewNoUpgrade on Hypershift | TechPreviewNoUpgrade on SelfManagedHA | | ------ | --- | --- | --- | --- | --- | --- | | ClusterAPIInstall| | | | | | | -| ClusterAPIInstallAzure| | | | | | | | ClusterAPIInstallIBMCloud| | | | | | | | EventedPLEG| | | | | | | | MachineAPIMigration| | | | | | | @@ -13,6 +12,7 @@ | AutomatedEtcdBackup| | | Enabled | Enabled | Enabled | Enabled | | CSIDriverSharedResource| | | Enabled | Enabled | Enabled | Enabled | | ChunkSizeMiB| | | Enabled | Enabled | Enabled | Enabled | +| ClusterAPIInstallAzure| | | Enabled | Enabled | Enabled | Enabled | | ClusterAPIInstallGCP| | | Enabled | Enabled | Enabled | Enabled | | ClusterAPIInstallPowerVS| | | Enabled | Enabled | Enabled | Enabled | | ClusterMonitoringConfig| | | Enabled | Enabled | Enabled | Enabled | @@ -23,7 +23,6 @@ | ExternalRouteCertificate| | | Enabled | Enabled | Enabled | Enabled | | GCPClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled | | GCPLabelsTags| | | Enabled | Enabled | Enabled | Enabled | -| ImagePolicy| | | Enabled | Enabled | Enabled | Enabled | | IngressControllerLBSubnetsAWS| | | Enabled | Enabled | Enabled | Enabled | | InsightsConfig| | | Enabled | Enabled | Enabled | Enabled | | InsightsConfigAPI| | | Enabled | Enabled | Enabled | Enabled | diff --git a/vendor/github.com/openshift/api/features/features.go b/vendor/github.com/openshift/api/features/features.go index 025802f22f..59e8089451 100644 --- a/vendor/github.com/openshift/api/features/features.go +++ b/vendor/github.com/openshift/api/features/features.go 
@@ -447,13 +447,6 @@ var ( enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() - FeatureGateImagePolicy = newFeatureGate("ImagePolicy"). - reportProblemsToJiraComponent("node"). - contactPerson("rphillips"). - productScope(ocpSpecific). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() - FeatureGateNodeDisruptionPolicy = newFeatureGate("NodeDisruptionPolicy"). reportProblemsToJiraComponent("MachineConfigOperator"). contactPerson("jerzhang"). @@ -486,6 +479,7 @@ var ( reportProblemsToJiraComponent("Installer"). contactPerson("jhixson74"). productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() FeatureGateClusterAPIInstallGCP = newFeatureGate("ClusterAPIInstallGCP"). @@ -575,9 +569,9 @@ var ( mustRegister() FeatureGateIngressControllerLBSubnetsAWS = newFeatureGate("IngressControllerLBSubnetsAWS"). - reportProblemsToJiraComponent("Routing"). - contactPerson("miciah"). - productScope(ocpSpecific). - enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). - mustRegister() + reportProblemsToJiraComponent("Routing"). + contactPerson("miciah"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() ) diff --git a/vendor/modules.txt b/vendor/modules.txt index 3396c96e97..eb2ba9dab9 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -962,7 +962,7 @@ github.com/opencontainers/runc/libcontainer/user # github.com/opencontainers/runtime-spec v1.1.0 ## explicit github.com/opencontainers/runtime-spec/specs-go -# github.com/openshift/api v0.0.0-20240715101244-b0adfa1f6357 +# github.com/openshift/api v0.0.0-20240722135205-ae4f370f361f ## explicit; go 1.22.0 github.com/openshift/api github.com/openshift/api/annotations