diff --git a/go.mod b/go.mod index 9ddcf037dff7..b7ec20fd87fc 100644 --- a/go.mod +++ b/go.mod @@ -30,11 +30,11 @@ require ( github.com/onsi/ginkgo v4.7.0-origin.0+incompatible github.com/onsi/gomega v1.7.0 github.com/opencontainers/go-digest v1.0.0 - github.com/openshift/api v0.0.0-20210423140644-156ca80f8d83 - github.com/openshift/apiserver-library-go v0.0.0-20210426120049-59b0e972bfb7 + github.com/openshift/api v0.0.0-20210521075222-e273a339932a + github.com/openshift/apiserver-library-go v0.0.0-20210521113822-91c23a9a7ddf github.com/openshift/build-machinery-go v0.0.0-20210423112049-9415d7ebd33e - github.com/openshift/client-go v0.0.0-20210422153130-25c8450d1535 - github.com/openshift/library-go v0.0.0-20210420183610-0e395da73318 + github.com/openshift/client-go v0.0.0-20210521082421-73d9475a9142 + github.com/openshift/library-go v0.0.0-20210521084623-7392ea9b02ca github.com/pborman/uuid v1.2.0 github.com/pquerna/cachecontrol v0.0.0-20201205024021-ac21108117ac // indirect github.com/prometheus/client_golang v1.7.1 @@ -54,19 +54,19 @@ require ( gopkg.in/ldap.v2 v2.5.1 gopkg.in/src-d/go-git.v4 v4.13.1 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.21.0-rc.0 - k8s.io/apiextensions-apiserver v0.21.0-rc.0 - k8s.io/apimachinery v0.21.0-rc.0 - k8s.io/apiserver v0.21.0-rc.0 + k8s.io/api v0.21.1 + k8s.io/apiextensions-apiserver v0.21.1 + k8s.io/apimachinery v0.21.1 + k8s.io/apiserver v0.21.1 k8s.io/cli-runtime v0.21.0-rc.0 - k8s.io/client-go v0.21.0-rc.0 - k8s.io/component-base v0.21.0-rc.0 + k8s.io/client-go v0.21.1 + k8s.io/component-base v0.21.1 k8s.io/component-helpers v0.0.0 k8s.io/klog/v2 v2.8.0 k8s.io/kube-openapi v0.0.0-20210305001622-591a79e4bda7 k8s.io/kubectl v0.21.0-rc.0 k8s.io/kubelet v0.21.0-rc.0 - k8s.io/kubernetes v1.21.0-rc.0 + k8s.io/kubernetes v1.21.1 k8s.io/legacy-cloud-providers v0.21.0-rc.0 k8s.io/utils v0.0.0-20201110183641-67b214c5f920 sigs.k8s.io/yaml v1.2.0 @@ -94,7 +94,7 @@ replace ( k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20210429023751-daa555af5040 k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20210429023751-daa555af5040 k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20210429023751-daa555af5040 - k8s.io/kubernetes => github.com/openshift/kubernetes v1.21.0-rc.0.0.20210518181655-9bec1e131ca5 + k8s.io/kubernetes => github.com/danwinship/kubernetes v1.1.0-alpha.0.0.20210525134331-1c8b0b88aba6 k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20210429023751-daa555af5040 k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20210429023751-daa555af5040 k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20210429023751-daa555af5040 diff --git a/go.sum b/go.sum index 6e37d686f2db..8e3eb87478d0 100644 --- a/go.sum +++ b/go.sum @@ -190,6 +190,8 @@ github.com/creack/pty v1.1.11 h1:07n33Z8lZxZ2qwegKbObQohDhXDQxiMMz1NOUGYlesw= github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/cyphar/filepath-securejoin v0.2.2 h1:jCwT2GTP+PY5nBz3c/YL5PAIbusElVrPujOBSCj8xRg= github.com/cyphar/filepath-securejoin v0.2.2/go.mod h1:FpkQEhXnPnOthhzymB7CGsFk2G9VLXONKD9G7QGMM+4= +github.com/danwinship/kubernetes v1.1.0-alpha.0.0.20210525134331-1c8b0b88aba6 h1:063vJldveLDusOa4F+Mhv/BCGXQmPczRT8XscKd5Pkg= +github.com/danwinship/kubernetes v1.1.0-alpha.0.0.20210525134331-1c8b0b88aba6/go.mod h1:las0iUBc1uUPoukbzD67JlOqiqsJvzapZWFmcGFJeXg= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -628,18 +630,18 @@ github.com/opencontainers/selinux v1.8.0/go.mod h1:RScLhm78qiWa2gbVCcGkC7tCGdgk3 github.com/openshift/api v0.0.0-20210331162552-3e31249e6a55/go.mod h1:dZ4kytOo3svxJHNYd0J55hwe/6IQG5gAUHUE0F3Jkio= github.com/openshift/api v0.0.0-20210331193751-3acddb19d360/go.mod h1:dZ4kytOo3svxJHNYd0J55hwe/6IQG5gAUHUE0F3Jkio= github.com/openshift/api v0.0.0-20210422150128-d8a48168c81c/go.mod h1:dZ4kytOo3svxJHNYd0J55hwe/6IQG5gAUHUE0F3Jkio= -github.com/openshift/api v0.0.0-20210423140644-156ca80f8d83 h1:Rz7+q64KDked7wonxYd3r87QAcuiTSt5H+EPghmGMt0= -github.com/openshift/api v0.0.0-20210423140644-156ca80f8d83/go.mod h1:dZ4kytOo3svxJHNYd0J55hwe/6IQG5gAUHUE0F3Jkio= -github.com/openshift/apiserver-library-go v0.0.0-20210426120049-59b0e972bfb7 h1:eJDIx4xV8J+9Zg1W8UJPv5SME0pGNmXttWIUU5Fg6O4= +github.com/openshift/api v0.0.0-20210521075222-e273a339932a h1:aBPwLqCg66SbQd+HrjB1GhgTfPtqSY4aeB022tEYmE0= +github.com/openshift/api v0.0.0-20210521075222-e273a339932a/go.mod h1:izBmoXbUu3z5kUa4FjZhvekTsyzIWiOoaIgJiZBBMQs= github.com/openshift/apiserver-library-go v0.0.0-20210426120049-59b0e972bfb7/go.mod h1:nqn2IWld2A+Q9Lp/xGsbmUr2RyDCQixRU83yqAbymUM= +github.com/openshift/apiserver-library-go v0.0.0-20210521113822-91c23a9a7ddf h1:b1YLQ5SAbjb/GmWpfmS5z6bVTWCJF+ywpd673LqbScc= +github.com/openshift/apiserver-library-go v0.0.0-20210521113822-91c23a9a7ddf/go.mod h1:lhfpWyUaEs2xLx+eTgz012fNzRKiG7XYJ5QcQAgtyRQ= github.com/openshift/build-machinery-go v0.0.0-20210209125900-0da259a2c359/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/build-machinery-go v0.0.0-20210423112049-9415d7ebd33e h1:F7rBobgSjtYL3/zsgDUjlTVx3Z06hdgpoldpDcn7jzc= github.com/openshift/build-machinery-go v0.0.0-20210423112049-9415d7ebd33e/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/openshift/client-go v0.0.0-20210331195552-cf6c2669e01f/go.mod h1:hHaRJ6vp2MRd/CpuZ1oJkqnMGy5eEnoAkQmKPZKcUPI= -github.com/openshift/client-go v0.0.0-20210422153130-25c8450d1535 h1:JGSJhDJiQxqUETyqseqeXD7X/hgA6V/F3WW/2dN4QCs= github.com/openshift/client-go v0.0.0-20210422153130-25c8450d1535/go.mod h1:v5/AYttPCjfqMGC1Ed/vutuDpuXmgWc5O+W9nwQ7EtE= -github.com/openshift/kubernetes v1.21.0-rc.0.0.20210518181655-9bec1e131ca5 h1:DDNdaUbroXyThpwbpd4ScnjRs4f9/FIpYMVx60hIo8I= -github.com/openshift/kubernetes v1.21.0-rc.0.0.20210518181655-9bec1e131ca5/go.mod h1:las0iUBc1uUPoukbzD67JlOqiqsJvzapZWFmcGFJeXg= +github.com/openshift/client-go v0.0.0-20210521082421-73d9475a9142 h1:ZHRIMCFIJN1p9LsJt4HQ+akDrys4PrYnXzOWI5LK03I= +github.com/openshift/client-go v0.0.0-20210521082421-73d9475a9142/go.mod h1:fjS8r9mqDVsPb5td3NehsNOAWa4uiFkYEfVZioQ2gH0= github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20210429023751-daa555af5040 h1:hVSLDBIUw2/NO00uXtwSS6OE4KzntUeKihP/UDjaZTA= github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20210429023751-daa555af5040/go.mod h1:TD7fwYg7+uByU8PweROUvAH84/vAmY0AnsoPcqG5AOY= github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20210429023751-daa555af5040 h1:C1MhgNpIrms8mFJo2/f4432tNRbwHH7skJkXTWJ0Ang= @@ -687,8 +689,8 @@ github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20210 github.com/openshift/kubernetes/staging/src/k8s.io/sample-apiserver v0.0.0-20210429023751-daa555af5040/go.mod h1:uRHcGzksxeAsANIOCE+K5vWMaqY9f2Jv68ZkqY0oqRM= github.com/openshift/library-go v0.0.0-20210331235027-66936e2fcc52/go.mod h1:pnz961veImKsbn7pQcuFbcVpCQosYiC1fUOjzEDeOLU= github.com/openshift/library-go v0.0.0-20210407092538-7021fda6f427/go.mod h1:pnz961veImKsbn7pQcuFbcVpCQosYiC1fUOjzEDeOLU= -github.com/openshift/library-go v0.0.0-20210420183610-0e395da73318 h1:ib7um2nUXJUHU8QOwqkXXTfXFzPmQUdBhNXXrX8SrfY= -github.com/openshift/library-go v0.0.0-20210420183610-0e395da73318/go.mod h1:pnz961veImKsbn7pQcuFbcVpCQosYiC1fUOjzEDeOLU= +github.com/openshift/library-go v0.0.0-20210521084623-7392ea9b02ca h1:NtRAdQTnE4B+UESOUaCSX3dw1uc+PpI1h2X7hUmE/5A= +github.com/openshift/library-go v0.0.0-20210521084623-7392ea9b02ca/go.mod h1:87ZYjEncF0YNUKNzncb8Fiw8yFNevpIWZW83C/etzpw= github.com/openshift/onsi-ginkgo v4.7.0-origin.0+incompatible h1:6XSBotNi58b4MwVV4F9o/jd4BaQd+uJyz+s5TR0/ot8= github.com/openshift/onsi-ginkgo v4.7.0-origin.0+incompatible/go.mod h1:azqkkH4Vpp9A579CC26hicol/wViXag9rOwElif6v9E= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= diff --git a/test/extended/util/annotate/generated/zz_generated.annotations.go b/test/extended/util/annotate/generated/zz_generated.annotations.go index ce5202f6a555..b7773f22f008 100644 --- a/test/extended/util/annotate/generated/zz_generated.annotations.go +++ b/test/extended/util/annotate/generated/zz_generated.annotations.go @@ -1829,161 +1829,161 @@ var annotations = map[string]string{ "[Top Level] [sig-network] Netpol API should support creating NetworkPolicy API operations": "should support creating NetworkPolicy API operations [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [Feature:SCTPConnectivity][LinuxOnly][Disruptive] NetworkPolicy between server and client using SCTP should enforce policy based on Ports [Feature:NetworkPolicy]": "should enforce policy based on Ports [Feature:NetworkPolicy] [Disabled:Alpha] [Disabled:Broken] [Serial] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [Feature:SCTPConnectivity][LinuxOnly][Disruptive] NetworkPolicy between server and client using SCTP should enforce policy based on Ports [Feature:NetworkPolicy]": "should enforce policy based on Ports [Feature:NetworkPolicy] [Disabled:Alpha] [Serial] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [Feature:SCTPConnectivity][LinuxOnly][Disruptive] NetworkPolicy between server and client using SCTP should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Disabled:Alpha] [Disabled:Broken] [Serial] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [Feature:SCTPConnectivity][LinuxOnly][Disruptive] NetworkPolicy between server and client using SCTP should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Disabled:Alpha] [Serial] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [Feature:SCTPConnectivity][LinuxOnly][Disruptive] NetworkPolicy between server and client using SCTP should support a 'default-deny-ingress' policy [Feature:NetworkPolicy]": "should support a 'default-deny-ingress' policy [Feature:NetworkPolicy] [Disabled:Alpha] [Disabled:Broken] [Serial] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [Feature:SCTPConnectivity][LinuxOnly][Disruptive] NetworkPolicy between server and client using SCTP should support a 'default-deny-ingress' policy [Feature:NetworkPolicy]": "should support a 'default-deny-ingress' policy [Feature:NetworkPolicy] [Disabled:Alpha] [Serial] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [Feature:UDPConnectivity][LinuxOnly] NetworkPolicy between server and client using UDP should enforce policy based on Ports [Feature:NetworkPolicy]": "should enforce policy based on Ports [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [Feature:UDPConnectivity][LinuxOnly] NetworkPolicy between server and client using UDP should enforce policy based on Ports [Feature:NetworkPolicy]": "should enforce policy based on Ports [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [Feature:UDPConnectivity][LinuxOnly] NetworkPolicy between server and client using UDP should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [Feature:UDPConnectivity][LinuxOnly] NetworkPolicy between server and client using UDP should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [Feature:UDPConnectivity][LinuxOnly] NetworkPolicy between server and client using UDP should support a 'default-deny-ingress' policy [Feature:NetworkPolicy]": "should support a 'default-deny-ingress' policy [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [Feature:UDPConnectivity][LinuxOnly] NetworkPolicy between server and client using UDP should support a 'default-deny-ingress' policy [Feature:NetworkPolicy]": "should support a 'default-deny-ingress' policy [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should allow egress access on one named port [Feature:NetworkPolicy]": "should allow egress access on one named port [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OVNKubernetes] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should allow egress access on one named port [Feature:NetworkPolicy]": "should allow egress access on one named port [Feature:NetworkPolicy] [Skipped:Network/OVNKubernetes] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should allow egress access to server in CIDR block [Feature:NetworkPolicy]": "should allow egress access to server in CIDR block [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should allow egress access to server in CIDR block [Feature:NetworkPolicy]": "should allow egress access to server in CIDR block [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should allow ingress access from namespace on one named port [Feature:NetworkPolicy]": "should allow ingress access from namespace on one named port [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OVNKubernetes] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should allow ingress access from namespace on one named port [Feature:NetworkPolicy]": "should allow ingress access from namespace on one named port [Feature:NetworkPolicy] [Skipped:Network/OVNKubernetes] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should allow ingress access from updated namespace [Feature:NetworkPolicy]": "should allow ingress access from updated namespace [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should allow ingress access from updated namespace [Feature:NetworkPolicy]": "should allow ingress access from updated namespace [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should allow ingress access from updated pod [Feature:NetworkPolicy]": "should allow ingress access from updated pod [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should allow ingress access from updated pod [Feature:NetworkPolicy]": "should allow ingress access from updated pod [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should allow ingress access on one named port [Feature:NetworkPolicy]": "should allow ingress access on one named port [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OVNKubernetes] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should allow ingress access on one named port [Feature:NetworkPolicy]": "should allow ingress access on one named port [Feature:NetworkPolicy] [Skipped:Network/OVNKubernetes] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should deny egress from all pods in a namespace [Feature:NetworkPolicy] ": "should deny egress from all pods in a namespace [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should deny egress from all pods in a namespace [Feature:NetworkPolicy] ": "should deny egress from all pods in a namespace [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should deny egress from pods based on PodSelector [Feature:NetworkPolicy] ": "should deny egress from pods based on PodSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should deny egress from pods based on PodSelector [Feature:NetworkPolicy] ": "should deny egress from pods based on PodSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should deny ingress access to updated pod [Feature:NetworkPolicy]": "should deny ingress access to updated pod [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should deny ingress access to updated pod [Feature:NetworkPolicy]": "should deny ingress access to updated pod [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should deny ingress from pods on other namespaces [Feature:NetworkPolicy]": "should deny ingress from pods on other namespaces [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should deny ingress from pods on other namespaces [Feature:NetworkPolicy]": "should deny ingress from pods on other namespaces [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy]": "should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy]": "should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce ingress policy allowing any port traffic to a server on a specific protocol [Feature:NetworkPolicy] [Feature:UDP]": "should enforce ingress policy allowing any port traffic to a server on a specific protocol [Feature:NetworkPolicy] [Feature:UDP] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce ingress policy allowing any port traffic to a server on a specific protocol [Feature:NetworkPolicy] [Feature:UDP]": "should enforce ingress policy allowing any port traffic to a server on a specific protocol [Feature:NetworkPolicy] [Feature:UDP] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce multiple egress policies with egress allow-all policy taking precedence [Feature:NetworkPolicy]": "should enforce multiple egress policies with egress allow-all policy taking precedence [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce multiple egress policies with egress allow-all policy taking precedence [Feature:NetworkPolicy]": "should enforce multiple egress policies with egress allow-all policy taking precedence [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce multiple ingress policies with ingress allow-all policy taking precedence [Feature:NetworkPolicy]": "should enforce multiple ingress policies with ingress allow-all policy taking precedence [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce multiple ingress policies with ingress allow-all policy taking precedence [Feature:NetworkPolicy]": "should enforce multiple ingress policies with ingress allow-all policy taking precedence [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce multiple, stacked policies with overlapping podSelectors [Feature:NetworkPolicy]": "should enforce multiple, stacked policies with overlapping podSelectors [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce multiple, stacked policies with overlapping podSelectors [Feature:NetworkPolicy]": "should enforce multiple, stacked policies with overlapping podSelectors [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policies to check ingress and egress policies can be controlled independently based on PodSelector [Feature:NetworkPolicy]": "should enforce policies to check ingress and egress policies can be controlled independently based on PodSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policies to check ingress and egress policies can be controlled independently based on PodSelector [Feature:NetworkPolicy]": "should enforce policies to check ingress and egress policies can be controlled independently based on PodSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy based on Multiple PodSelectors and NamespaceSelectors [Feature:NetworkPolicy]": "should enforce policy based on Multiple PodSelectors and NamespaceSelectors [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy based on Multiple PodSelectors and NamespaceSelectors [Feature:NetworkPolicy]": "should enforce policy based on Multiple PodSelectors and NamespaceSelectors [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy based on NamespaceSelector with MatchExpressions[Feature:NetworkPolicy]": "should enforce policy based on NamespaceSelector with MatchExpressions[Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy based on NamespaceSelector with MatchExpressions[Feature:NetworkPolicy]": "should enforce policy based on NamespaceSelector with MatchExpressions[Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy based on PodSelector or NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy based on PodSelector or NamespaceSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy based on PodSelector or NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy based on PodSelector or NamespaceSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy based on PodSelector with MatchExpressions[Feature:NetworkPolicy]": "should enforce policy based on PodSelector with MatchExpressions[Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy based on PodSelector with MatchExpressions[Feature:NetworkPolicy]": "should enforce policy based on PodSelector with MatchExpressions[Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy based on Ports [Feature:NetworkPolicy]": "should enforce policy based on Ports [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy based on Ports [Feature:NetworkPolicy]": "should enforce policy based on Ports [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy based on any PodSelectors [Feature:NetworkPolicy]": "should enforce policy based on any PodSelectors [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy based on any PodSelectors [Feature:NetworkPolicy]": "should enforce policy based on any PodSelectors [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow ingress traffic for a target [Feature:NetworkPolicy] ": "should enforce policy to allow ingress traffic for a target [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow ingress traffic for a target [Feature:NetworkPolicy] ": "should enforce policy to allow ingress traffic for a target [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow ingress traffic from pods in all namespaces [Feature:NetworkPolicy]": "should enforce policy to allow ingress traffic from pods in all namespaces [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow ingress traffic from pods in all namespaces [Feature:NetworkPolicy]": "should enforce policy to allow ingress traffic from pods in all namespaces [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow traffic from pods within server namespace based on PodSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic from pods within server namespace based on PodSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow traffic from pods within server namespace based on PodSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic from pods within server namespace based on PodSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow traffic only from a different namespace, based on NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic only from a different namespace, based on NamespaceSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow traffic only from a different namespace, based on NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic only from a different namespace, based on NamespaceSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce updated policy [Feature:NetworkPolicy]": "should enforce updated policy [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should enforce updated policy [Feature:NetworkPolicy]": "should enforce updated policy [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy]": "should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy]": "should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should not allow access by TCP when a policy specifies only SCTP [Feature:NetworkPolicy] [Feature:SCTP]": "should not allow access by TCP when a policy specifies only SCTP [Feature:NetworkPolicy] [Feature:SCTP] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should not allow access by TCP when a policy specifies only SCTP [Feature:NetworkPolicy] [Feature:SCTP]": "should not allow access by TCP when a policy specifies only SCTP [Feature:NetworkPolicy] [Feature:SCTP] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should not allow access by TCP when a policy specifies only UDP [Feature:NetworkPolicy] [Feature:UDP]": "should not allow access by TCP when a policy specifies only UDP [Feature:NetworkPolicy] [Feature:UDP] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should not allow access by TCP when a policy specifies only UDP [Feature:NetworkPolicy] [Feature:UDP]": "should not allow access by TCP when a policy specifies only UDP [Feature:NetworkPolicy] [Feature:UDP] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should stop enforcing policies after they are deleted [Feature:NetworkPolicy]": "should stop enforcing policies after they are deleted [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should stop enforcing policies after they are deleted [Feature:NetworkPolicy]": "should stop enforcing policies after they are deleted [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should support a 'default-deny-all' policy [Feature:NetworkPolicy]": "should support a 'default-deny-all' policy [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should support a 'default-deny-all' policy [Feature:NetworkPolicy]": "should support a 'default-deny-all' policy [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should support a 'default-deny-ingress' policy [Feature:NetworkPolicy]": "should support a 'default-deny-ingress' policy [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should support a 'default-deny-ingress' policy [Feature:NetworkPolicy]": "should support a 'default-deny-ingress' policy [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should support allow-all policy [Feature:NetworkPolicy]": "should support allow-all policy [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should support allow-all policy [Feature:NetworkPolicy]": "should support allow-all policy [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should support denying of egress traffic on the client side (even if the server explicitly allows this traffic) [Feature:NetworkPolicy]": "should support denying of egress traffic on the client side (even if the server explicitly allows this traffic) [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should support denying of egress traffic on the client side (even if the server explicitly allows this traffic) [Feature:NetworkPolicy]": "should support denying of egress traffic on the client side (even if the server explicitly allows this traffic) [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should work with Ingress, Egress specified together [Feature:NetworkPolicy]": "should work with Ingress, Egress specified together [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] Netpol [LinuxOnly] NetworkPolicy between server and client should work with Ingress, Egress specified together [Feature:NetworkPolicy]": "should work with Ingress, Egress specified together [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", "[Top Level] [sig-network] NetworkPolicy API should support creating NetworkPolicy API operations": "should support creating NetworkPolicy API operations [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [Feature:SCTPConnectivity][LinuxOnly][Disruptive] NetworkPolicy between server and client using SCTP should enforce policy based on Ports [Feature:NetworkPolicy]": "should enforce policy based on Ports [Feature:NetworkPolicy] [Disabled:Alpha] [Disabled:Broken] [Serial] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [Feature:SCTPConnectivity][LinuxOnly][Disruptive] NetworkPolicy between server and client using SCTP should enforce policy based on Ports [Feature:NetworkPolicy]": "should enforce policy based on Ports [Feature:NetworkPolicy] [Disabled:Alpha] [Serial] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [Feature:SCTPConnectivity][LinuxOnly][Disruptive] NetworkPolicy between server and client using SCTP should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Disabled:Alpha] [Disabled:Broken] [Serial] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [Feature:SCTPConnectivity][LinuxOnly][Disruptive] NetworkPolicy between server and client using SCTP should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Disabled:Alpha] [Serial] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [Feature:SCTPConnectivity][LinuxOnly][Disruptive] NetworkPolicy between server and client using SCTP should support a 'default-deny' policy [Feature:NetworkPolicy]": "should support a 'default-deny' policy [Feature:NetworkPolicy] [Disabled:Alpha] [Disabled:Broken] [Serial] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [Feature:SCTPConnectivity][LinuxOnly][Disruptive] NetworkPolicy between server and client using SCTP should support a 'default-deny' policy [Feature:NetworkPolicy]": "should support a 'default-deny' policy [Feature:NetworkPolicy] [Disabled:Alpha] [Serial] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow egress access on one named port [Feature:NetworkPolicy]": "should allow egress access on one named port [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OVNKubernetes] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow egress access on one named port [Feature:NetworkPolicy]": "should allow egress access on one named port [Feature:NetworkPolicy] [Skipped:Network/OVNKubernetes] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow egress access to server in CIDR block [Feature:NetworkPolicy]": "should allow egress access to server in CIDR block [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow egress access to server in CIDR block [Feature:NetworkPolicy]": "should allow egress access to server in CIDR block [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow ingress access from namespace on one named port [Feature:NetworkPolicy]": "should allow ingress access from namespace on one named port [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OVNKubernetes] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow ingress access from namespace on one named port [Feature:NetworkPolicy]": "should allow ingress access from namespace on one named port [Feature:NetworkPolicy] [Skipped:Network/OVNKubernetes] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow ingress access from updated namespace [Feature:NetworkPolicy]": "should allow ingress access from updated namespace [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow ingress access from updated namespace [Feature:NetworkPolicy]": "should allow ingress access from updated namespace [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow ingress access from updated pod [Feature:NetworkPolicy]": "should allow ingress access from updated pod [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow ingress access from updated pod [Feature:NetworkPolicy]": "should allow ingress access from updated pod [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow ingress access on one named port [Feature:NetworkPolicy]": "should allow ingress access on one named port [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OVNKubernetes] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should allow ingress access on one named port [Feature:NetworkPolicy]": "should allow ingress access on one named port [Feature:NetworkPolicy] [Skipped:Network/OVNKubernetes] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should deny ingress access to updated pod [Feature:NetworkPolicy]": "should deny ingress access to updated pod [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should deny ingress access to updated pod [Feature:NetworkPolicy]": "should deny ingress access to updated pod [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce egress policy allowing traffic to a server in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy]": "should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy]": "should enforce except clause while egress access to server in CIDR block [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce multiple egress policies with egress allow-all policy taking precedence [Feature:NetworkPolicy]": "should enforce multiple egress policies with egress allow-all policy taking precedence [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce multiple egress policies with egress allow-all policy taking precedence [Feature:NetworkPolicy]": "should enforce multiple egress policies with egress allow-all policy taking precedence [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce multiple ingress policies with ingress allow-all policy taking precedence [Feature:NetworkPolicy]": "should enforce multiple ingress policies with ingress allow-all policy taking precedence [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce multiple ingress policies with ingress allow-all policy taking precedence [Feature:NetworkPolicy]": "should enforce multiple ingress policies with ingress allow-all policy taking precedence [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce multiple, stacked policies with overlapping podSelectors [Feature:NetworkPolicy]": "should enforce multiple, stacked policies with overlapping podSelectors [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce multiple, stacked policies with overlapping podSelectors [Feature:NetworkPolicy]": "should enforce multiple, stacked policies with overlapping podSelectors [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policies to check ingress and egress policies can be controlled independently based on PodSelector [Feature:NetworkPolicy]": "should enforce policies to check ingress and egress policies can be controlled independently based on PodSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policies to check ingress and egress policies can be controlled independently based on PodSelector [Feature:NetworkPolicy]": "should enforce policies to check ingress and egress policies can be controlled independently based on PodSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy based on NamespaceSelector with MatchExpressions[Feature:NetworkPolicy]": "should enforce policy based on NamespaceSelector with MatchExpressions[Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy based on NamespaceSelector with MatchExpressions[Feature:NetworkPolicy]": "should enforce policy based on NamespaceSelector with MatchExpressions[Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy based on PodSelector or NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy based on PodSelector or NamespaceSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy based on PodSelector or NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy based on PodSelector or NamespaceSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy based on PodSelector with MatchExpressions[Feature:NetworkPolicy]": "should enforce policy based on PodSelector with MatchExpressions[Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy based on PodSelector with MatchExpressions[Feature:NetworkPolicy]": "should enforce policy based on PodSelector with MatchExpressions[Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy based on Ports [Feature:NetworkPolicy]": "should enforce policy based on Ports [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy based on Ports [Feature:NetworkPolicy]": "should enforce policy based on Ports [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow traffic from pods within server namespace based on PodSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic from pods within server namespace based on PodSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow traffic from pods within server namespace based on PodSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic from pods within server namespace based on PodSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow traffic only from a different namespace, based on NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic only from a different namespace, based on NamespaceSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow traffic only from a different namespace, based on NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic only from a different namespace, based on NamespaceSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy]": "should enforce policy to allow traffic only from a pod in a different namespace based on PodSelector and NamespaceSelector [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce updated policy [Feature:NetworkPolicy]": "should enforce updated policy [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should enforce updated policy [Feature:NetworkPolicy]": "should enforce updated policy [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy]": "should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy]": "should ensure an IP overlapping both IPBlock.CIDR and IPBlock.Except is allowed [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should not allow access by TCP when a policy specifies only SCTP [Feature:NetworkPolicy] [Feature:SCTP]": "should not allow access by TCP when a policy specifies only SCTP [Feature:NetworkPolicy] [Feature:SCTP] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should not allow access by TCP when a policy specifies only SCTP [Feature:NetworkPolicy] [Feature:SCTP]": "should not allow access by TCP when a policy specifies only SCTP [Feature:NetworkPolicy] [Feature:SCTP] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should stop enforcing policies after they are deleted [Feature:NetworkPolicy]": "should stop enforcing policies after they are deleted [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should stop enforcing policies after they are deleted [Feature:NetworkPolicy]": "should stop enforcing policies after they are deleted [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should support a 'default-deny-all' policy [Feature:NetworkPolicy]": "should support a 'default-deny-all' policy [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should support a 'default-deny-all' policy [Feature:NetworkPolicy]": "should support a 'default-deny-all' policy [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should support a 'default-deny-ingress' policy [Feature:NetworkPolicy]": "should support a 'default-deny-ingress' policy [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should support a 'default-deny-ingress' policy [Feature:NetworkPolicy]": "should support a 'default-deny-ingress' policy [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should support allow-all policy [Feature:NetworkPolicy]": "should support allow-all policy [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should support allow-all policy [Feature:NetworkPolicy]": "should support allow-all policy [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Suite:openshift/conformance/parallel] [Suite:k8s]", - "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should work with Ingress,Egress specified together [Feature:NetworkPolicy]": "should work with Ingress,Egress specified together [Feature:NetworkPolicy] [Disabled:Broken] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:k8s]", + "[Top Level] [sig-network] NetworkPolicy [LinuxOnly] NetworkPolicy between server and client should work with Ingress,Egress specified together [Feature:NetworkPolicy]": "should work with Ingress,Egress specified together [Feature:NetworkPolicy] [Skipped:Network/OpenShiftSDN/Multitenant] [Skipped:Network/OpenShiftSDN] [Suite:openshift/conformance/parallel] [Suite:k8s]", "[Top Level] [sig-network] Networking Granular Checks: Pods should function for intra-pod communication: http [NodeConformance] [Conformance]": "should function for intra-pod communication: http [NodeConformance] [Conformance] [Suite:openshift/conformance/parallel/minimal] [Suite:k8s]", diff --git a/test/extended/util/annotate/rules.go b/test/extended/util/annotate/rules.go index 233e78f8f061..974a5ea98235 100644 --- a/test/extended/util/annotate/rules.go +++ b/test/extended/util/annotate/rules.go @@ -61,10 +61,6 @@ var ( // https://bugzilla.redhat.com/show_bug.cgi?id=1957894 `\[sig-node\] Container Runtime blackbox test when running a container with a new image should be able to pull from private registry with secret`, - - // Broken for metal-ipi-ovn-ipv6 - // https://bugzilla.redhat.com/show_bug.cgi?id=1962950 - `\[Feature:NetworkPolicy\]`, }, // tests that may work, but we don't support them "[Disabled:Unsupported]": {}, diff --git a/vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml b/vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml index 4442f2a145b0..3b15501e0fa4 100644 --- a/vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml +++ b/vendor/github.com/openshift/api/apiserver/v1/apiserver.openshift.io_apirequestcount.yaml @@ -26,8 +26,8 @@ spec: jsonPath: .status.removedInRelease - name: RequestsInCurrentHour type: integer - description: Number of requests in the last hour. - jsonPath: .status.requestsInTheCurrentHour.requestCount + description: Number of requests in the current hour. + jsonPath: .status.currentHour.requestCount - name: RequestsInLast24h type: integer description: Number of requests in the last 24h. diff --git a/vendor/github.com/openshift/api/build/v1/generated.proto b/vendor/github.com/openshift/api/build/v1/generated.proto index e3e947c623c8..8f1154f1e289 100644 --- a/vendor/github.com/openshift/api/build/v1/generated.proto +++ b/vendor/github.com/openshift/api/build/v1/generated.proto @@ -145,12 +145,9 @@ message BuildConfigStatus { // lastVersion is used to inform about number of last triggered build. optional int64 lastVersion = 1; - // ImageChangeTriggers is used to capture the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, - // including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There will be a single entry - // in this array for each entry in the BuildConfigSpec.Triggers array where the BuildTriggerPolicy.ImageChange - // pointer is set to a non-nil value. The logical key for each entry in this array is expressed by the - // ImageStreamTagReference type. That type captures the required elements for identifying the ImageStreamTag referenced by the more - // generic ObjectReference BuildTriggerPolicy.ImageChange.From. + // ImageChangeTriggers captures the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, + // including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There is a single entry + // in this array for each image change trigger in spec. Each trigger status references the ImageStreamTag that acts as the source of the trigger. repeated ImageChangeTriggerStatus imageChangeTriggers = 2; } @@ -882,35 +879,15 @@ message ImageChangeTrigger { // ImageChangeTriggerStatus tracks the latest resolved status of the associated ImageChangeTrigger policy // specified in the BuildConfigSpec.Triggers struct. message ImageChangeTriggerStatus { - // lastTriggeredImageID represents, at the last time a Build for this BuildConfig was instantiated, the sha/id of - // the image referenced by the the ImageStreamTag cited in the 'from' of this struct. - // The lastTriggeredImageID field will be updated by the OpenShift APIServer on all instantiations of a Build from - // the BuildConfig it processes, regardless of what is considered the cause of instantiation. - // Specifically, an instantiation of a Build could have been manually requested, or could have resulted from - // changes with any of the Triggers defined in BuildConfigSpec.Triggers. - // The reason for always updating this field across all ImageChangeTriggerStatus instances is to prevent - // multiple builds being instantiated concurrently when multiple ImageChangeTriggers fire concurrently. The system - // compares the the sha/id stored here with the associated ImageStreamTag's sha/id for the image. If they match, - // then this trigger is not a valid reason for instantiating a Build. So when ImageChangeTriggers fire concurrently, - // only one of them can "win", meaning selected as the cause for a Build instantiation request. - // Lastly, to clarify exactly what is meant by "Build instantiation", from a REST perspective, it is a HTTP POST of a - // BuildRequest object as the HTTP Body that is made to the OpenShift APIServer, where that HTTP POST also specifies - // the "buildconfigs" resource, "instantiate" subresource, as well as the namespace and name of the BuildConfig. + // lastTriggeredImageID represents the sha/id of the ImageStreamTag when a Build for this BuildConfig was started. + // The lastTriggeredImageID is updated each time a Build for this BuildConfig is started, even if this ImageStreamTag is not the reason the Build is started. optional string lastTriggeredImageID = 1; - // from is the ImageStreamTag that is used as the source of the trigger. - // This can come from an ImageStream tag referenced in this BuildConfig's Spec ImageChange Triggers, or the "from" - // this BuildConfig's build strategy if it happens to be an ImageStreamTag (where the user has specified an - // ImageChange Trigger in the spec with a 'nil' for its 'from'. + // from is the ImageStreamTag that is the source of the trigger. optional ImageStreamTagReference from = 2; - // lastTriggerTime is the last time this particular ImageChangeTrigger fired, and that trigger firing was chosen as the cause for the Build being instantiated - // from this BuildConfig. So on each Build instantiation, while lastTriggeredImageID will be updated regardless of - // whether this ImageChangeTrigger fired and deemed the cause for the Build Instantiation, this field is only updated - // when this trigger was in fact deemed the cause. As such, it is valid that this field may not be set across all the - // ImageChangeTriggers, as they may have not yet been deemed to be the cause of a Build instantiation. It is also - // valid that the times stored in lastTriggerTime will vary across all the ImageChangeTriggers, as the system - // explicitly picks only one trigger cause for a given Build. + // lastTriggerTime is the last time this particular ImageStreamTag triggered a Build to start. + // This field is only updated when this trigger specifically started a Build. optional k8s.io.apimachinery.pkg.apis.meta.v1.Time lastTriggerTime = 3; } @@ -967,15 +944,12 @@ message ImageSourcePath { optional string destinationDir = 2; } -// ImageStreamTagReference captures the required elements for identifying the ImageStreamTag referenced by the more -// generic ObjectReference BuildTriggerPolicy.ImageChange.From. It is used by ImageChangeTriggerStatus, where a -// specific instance of ImageChangeTriggerStatus in maintained in BuildConfigStatus.ImageChangeTriggers for each entry -// in the BuildConfigSpec.Triggers array where the BuildTriggerPolicy.ImageChange pointer is set to a non-nil value +// ImageStreamTagReference references the ImageStreamTag in an image change trigger by namespace and name. message ImageStreamTagReference { - // namespace is the namespace where the ImageStreamTag used for an ImageChangeTrigger is located + // namespace is the namespace where the ImageStreamTag for an ImageChangeTrigger is located optional string namespace = 1; - // name is the name of the ImageStreamTag used for an ImageChangeTrigger + // name is the name of the ImageStreamTag for an ImageChangeTrigger optional string name = 2; } diff --git a/vendor/github.com/openshift/api/build/v1/types.go b/vendor/github.com/openshift/api/build/v1/types.go index cc57d561847c..11cce8db9c23 100644 --- a/vendor/github.com/openshift/api/build/v1/types.go +++ b/vendor/github.com/openshift/api/build/v1/types.go @@ -976,12 +976,9 @@ type BuildConfigStatus struct { // lastVersion is used to inform about number of last triggered build. LastVersion int64 `json:"lastVersion" protobuf:"varint,1,opt,name=lastVersion"` - // ImageChangeTriggers is used to capture the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, - // including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There will be a single entry - // in this array for each entry in the BuildConfigSpec.Triggers array where the BuildTriggerPolicy.ImageChange - // pointer is set to a non-nil value. The logical key for each entry in this array is expressed by the - // ImageStreamTagReference type. That type captures the required elements for identifying the ImageStreamTag referenced by the more - // generic ObjectReference BuildTriggerPolicy.ImageChange.From. + // ImageChangeTriggers captures the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, + // including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There is a single entry + // in this array for each image change trigger in spec. Each trigger status references the ImageStreamTag that acts as the source of the trigger. ImageChangeTriggers []ImageChangeTriggerStatus `json:"imageChangeTriggers,omitempty" protobuf:"bytes,2,rep,name=imageChangeTriggers"` } @@ -1026,50 +1023,27 @@ type ImageChangeTrigger struct { Paused bool `json:"paused,omitempty" protobuf:"varint,3,opt,name=paused"` } -// ImageStreamTagReference captures the required elements for identifying the ImageStreamTag referenced by the more -// generic ObjectReference BuildTriggerPolicy.ImageChange.From. It is used by ImageChangeTriggerStatus, where a -// specific instance of ImageChangeTriggerStatus in maintained in BuildConfigStatus.ImageChangeTriggers for each entry -// in the BuildConfigSpec.Triggers array where the BuildTriggerPolicy.ImageChange pointer is set to a non-nil value +// ImageStreamTagReference references the ImageStreamTag in an image change trigger by namespace and name. type ImageStreamTagReference struct { - // namespace is the namespace where the ImageStreamTag used for an ImageChangeTrigger is located + // namespace is the namespace where the ImageStreamTag for an ImageChangeTrigger is located Namespace string `json:"namespace,omitempty" protobuf:"bytes,1,opt,name=namespace"` - // name is the name of the ImageStreamTag used for an ImageChangeTrigger + // name is the name of the ImageStreamTag for an ImageChangeTrigger Name string `json:"name,omitempty" protobuf:"bytes,2,opt,name=name"` } // ImageChangeTriggerStatus tracks the latest resolved status of the associated ImageChangeTrigger policy // specified in the BuildConfigSpec.Triggers struct. type ImageChangeTriggerStatus struct { - // lastTriggeredImageID represents, at the last time a Build for this BuildConfig was instantiated, the sha/id of - // the image referenced by the the ImageStreamTag cited in the 'from' of this struct. - // The lastTriggeredImageID field will be updated by the OpenShift APIServer on all instantiations of a Build from - // the BuildConfig it processes, regardless of what is considered the cause of instantiation. - // Specifically, an instantiation of a Build could have been manually requested, or could have resulted from - // changes with any of the Triggers defined in BuildConfigSpec.Triggers. - // The reason for always updating this field across all ImageChangeTriggerStatus instances is to prevent - // multiple builds being instantiated concurrently when multiple ImageChangeTriggers fire concurrently. The system - // compares the the sha/id stored here with the associated ImageStreamTag's sha/id for the image. If they match, - // then this trigger is not a valid reason for instantiating a Build. So when ImageChangeTriggers fire concurrently, - // only one of them can "win", meaning selected as the cause for a Build instantiation request. - // Lastly, to clarify exactly what is meant by "Build instantiation", from a REST perspective, it is a HTTP POST of a - // BuildRequest object as the HTTP Body that is made to the OpenShift APIServer, where that HTTP POST also specifies - // the "buildconfigs" resource, "instantiate" subresource, as well as the namespace and name of the BuildConfig. + // lastTriggeredImageID represents the sha/id of the ImageStreamTag when a Build for this BuildConfig was started. + // The lastTriggeredImageID is updated each time a Build for this BuildConfig is started, even if this ImageStreamTag is not the reason the Build is started. LastTriggeredImageID string `json:"lastTriggeredImageID,omitempty" protobuf:"bytes,1,opt,name=lastTriggeredImageID"` - // from is the ImageStreamTag that is used as the source of the trigger. - // This can come from an ImageStream tag referenced in this BuildConfig's Spec ImageChange Triggers, or the "from" - // this BuildConfig's build strategy if it happens to be an ImageStreamTag (where the user has specified an - // ImageChange Trigger in the spec with a 'nil' for its 'from'. + // from is the ImageStreamTag that is the source of the trigger. From ImageStreamTagReference `json:"from,omitempty" protobuf:"bytes,2,opt,name=from"` - // lastTriggerTime is the last time this particular ImageChangeTrigger fired, and that trigger firing was chosen as the cause for the Build being instantiated - // from this BuildConfig. So on each Build instantiation, while lastTriggeredImageID will be updated regardless of - // whether this ImageChangeTrigger fired and deemed the cause for the Build Instantiation, this field is only updated - // when this trigger was in fact deemed the cause. As such, it is valid that this field may not be set across all the - // ImageChangeTriggers, as they may have not yet been deemed to be the cause of a Build instantiation. It is also - // valid that the times stored in lastTriggerTime will vary across all the ImageChangeTriggers, as the system - // explicitly picks only one trigger cause for a given Build. + // lastTriggerTime is the last time this particular ImageStreamTag triggered a Build to start. + // This field is only updated when this trigger specifically started a Build. LastTriggerTime metav1.Time `json:"lastTriggerTime,omitempty" protobuf:"bytes,3,opt,name=lastTriggerTime"` } diff --git a/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go index f4410e6d33ac..9be845dfb097 100644 --- a/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/build/v1/zz_generated.swagger_doc_generated.go @@ -101,7 +101,7 @@ func (BuildConfigSpec) SwaggerDoc() map[string]string { var map_BuildConfigStatus = map[string]string{ "": "BuildConfigStatus contains current state of the build config object.", "lastVersion": "lastVersion is used to inform about number of last triggered build.", - "imageChangeTriggers": "ImageChangeTriggers is used to capture the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There will be a single entry in this array for each entry in the BuildConfigSpec.Triggers array where the BuildTriggerPolicy.ImageChange pointer is set to a non-nil value. The logical key for each entry in this array is expressed by the ImageStreamTagReference type. That type captures the required elements for identifying the ImageStreamTag referenced by the more generic ObjectReference BuildTriggerPolicy.ImageChange.From.", + "imageChangeTriggers": "ImageChangeTriggers captures the runtime state of any ImageChangeTrigger specified in the BuildConfigSpec, including the value reconciled by the OpenShift APIServer for the lastTriggeredImageID. There is a single entry in this array for each image change trigger in spec. Each trigger status references the ImageStreamTag that acts as the source of the trigger.", } func (BuildConfigStatus) SwaggerDoc() map[string]string { @@ -470,9 +470,9 @@ func (ImageChangeTrigger) SwaggerDoc() map[string]string { var map_ImageChangeTriggerStatus = map[string]string{ "": "ImageChangeTriggerStatus tracks the latest resolved status of the associated ImageChangeTrigger policy specified in the BuildConfigSpec.Triggers struct.", - "lastTriggeredImageID": "lastTriggeredImageID represents, at the last time a Build for this BuildConfig was instantiated, the sha/id of the image referenced by the the ImageStreamTag cited in the 'from' of this struct. The lastTriggeredImageID field will be updated by the OpenShift APIServer on all instantiations of a Build from the BuildConfig it processes, regardless of what is considered the cause of instantiation. Specifically, an instantiation of a Build could have been manually requested, or could have resulted from changes with any of the Triggers defined in BuildConfigSpec.Triggers. The reason for always updating this field across all ImageChangeTriggerStatus instances is to prevent multiple builds being instantiated concurrently when multiple ImageChangeTriggers fire concurrently. The system compares the the sha/id stored here with the associated ImageStreamTag's sha/id for the image. If they match, then this trigger is not a valid reason for instantiating a Build. So when ImageChangeTriggers fire concurrently, only one of them can \"win\", meaning selected as the cause for a Build instantiation request. Lastly, to clarify exactly what is meant by \"Build instantiation\", from a REST perspective, it is a HTTP POST of a BuildRequest object as the HTTP Body that is made to the OpenShift APIServer, where that HTTP POST also specifies the \"buildconfigs\" resource, \"instantiate\" subresource, as well as the namespace and name of the BuildConfig.", - "from": "from is the ImageStreamTag that is used as the source of the trigger. This can come from an ImageStream tag referenced in this BuildConfig's Spec ImageChange Triggers, or the \"from\"\n this BuildConfig's build strategy if it happens to be an ImageStreamTag (where the user has specified an\nImageChange Trigger in the spec with a 'nil' for its 'from'.", - "lastTriggerTime": "lastTriggerTime is the last time this particular ImageChangeTrigger fired, and that trigger firing was chosen as the cause for the Build being instantiated from this BuildConfig. So on each Build instantiation, while lastTriggeredImageID will be updated regardless of whether this ImageChangeTrigger fired and deemed the cause for the Build Instantiation, this field is only updated when this trigger was in fact deemed the cause. As such, it is valid that this field may not be set across all the ImageChangeTriggers, as they may have not yet been deemed to be the cause of a Build instantiation. It is also valid that the times stored in lastTriggerTime will vary across all the ImageChangeTriggers, as the system explicitly picks only one trigger cause for a given Build.", + "lastTriggeredImageID": "lastTriggeredImageID represents the sha/id of the ImageStreamTag when a Build for this BuildConfig was started. The lastTriggeredImageID is updated each time a Build for this BuildConfig is started, even if this ImageStreamTag is not the reason the Build is started.", + "from": "from is the ImageStreamTag that is the source of the trigger.", + "lastTriggerTime": "lastTriggerTime is the last time this particular ImageStreamTag triggered a Build to start. This field is only updated when this trigger specifically started a Build.", } func (ImageChangeTriggerStatus) SwaggerDoc() map[string]string { @@ -512,9 +512,9 @@ func (ImageSourcePath) SwaggerDoc() map[string]string { } var map_ImageStreamTagReference = map[string]string{ - "": "ImageStreamTagReference captures the required elements for identifying the ImageStreamTag referenced by the more generic ObjectReference BuildTriggerPolicy.ImageChange.From. It is used by ImageChangeTriggerStatus, where a specific instance of ImageChangeTriggerStatus in maintained in BuildConfigStatus.ImageChangeTriggers for each entry in the BuildConfigSpec.Triggers array where the BuildTriggerPolicy.ImageChange pointer is set to a non-nil value", - "namespace": "namespace is the namespace where the ImageStreamTag used for an ImageChangeTrigger is located", - "name": "name is the name of the ImageStreamTag used for an ImageChangeTrigger", + "": "ImageStreamTagReference references the ImageStreamTag in an image change trigger by namespace and name.", + "namespace": "namespace is the namespace where the ImageStreamTag for an ImageChangeTrigger is located", + "name": "name is the name of the ImageStreamTag for an ImageChangeTrigger", } func (ImageStreamTagReference) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml index 2bf27128307b..e56801b1e7aa 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusteroperator.crd.yaml @@ -1,32 +1,11 @@ kind: CustomResourceDefinition -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 metadata: name: clusteroperators.config.openshift.io annotations: include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" spec: - additionalPrinterColumns: - - JSONPath: .status.versions[?(@.name=="operator")].version - description: The version the operator is at. - name: Version - type: string - - JSONPath: .status.conditions[?(@.type=="Available")].status - description: Whether the operator is running and stable. - name: Available - type: string - - JSONPath: .status.conditions[?(@.type=="Progressing")].status - description: Whether the operator is processing changes. - name: Progressing - type: string - - JSONPath: .status.conditions[?(@.type=="Degraded")].status - description: Whether the operator is degraded. - name: Degraded - type: string - - JSONPath: .status.conditions[?(@.type=="Available")].lastTransitionTime - description: The time the operator's Available status last changed. - name: Since - type: date group: config.openshift.io names: kind: ClusterOperator @@ -35,135 +14,151 @@ spec: singular: clusteroperator shortNames: - co - preserveUnknownFields: false scope: Cluster - subresources: - status: {} - version: v1 versions: - name: v1 served: true storage: true - validation: - openAPIV3Schema: - description: ClusterOperator is the Custom Resource object which holds the current - state of an operator. This object is used by operators to convey their state - to the rest of the cluster. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds configuration that could apply to any operator. - type: object - status: - description: status holds the information about the state of an operator. It - is consistent with status information across the Kubernetes ecosystem. - type: object - properties: - conditions: - description: conditions describes the state of the operator's managed - and monitored components. - type: array - items: - description: ClusterOperatorStatusCondition represents the state of - the operator's managed and monitored components. + subresources: + status: {} + additionalPrinterColumns: + - jsonPath: .status.versions[?(@.name=="operator")].version + description: The version the operator is at. + name: Version + type: string + - jsonPath: .status.conditions[?(@.type=="Available")].status + description: Whether the operator is running and stable. + name: Available + type: string + - jsonPath: .status.conditions[?(@.type=="Progressing")].status + description: Whether the operator is processing changes. + name: Progressing + type: string + - jsonPath: .status.conditions[?(@.type=="Degraded")].status + description: Whether the operator is degraded. + name: Degraded + type: string + - jsonPath: .status.conditions[?(@.type=="Available")].lastTransitionTime + description: The time the operator's Available status last changed. + name: Since + type: date + schema: + openAPIV3Schema: + description: ClusterOperator is the Custom Resource object which holds the + current state of an operator. This object is used by operators to convey + their state to the rest of the cluster. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds configuration that could apply to any operator. + type: object + status: + description: status holds the information about the state of an operator. It + is consistent with status information across the Kubernetes ecosystem. + type: object + properties: + conditions: + description: conditions describes the state of the operator's managed + and monitored components. + type: array + items: + description: ClusterOperatorStatusCondition represents the state + of the operator's managed and monitored components. + type: object + required: + - lastTransitionTime + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + type: string + format: date-time + message: + description: message provides additional information about the + current condition. This is only to be consumed by humans. It + may contain Line Feed characters (U+000A), which should be + rendered as new lines. + type: string + reason: + description: reason is the CamelCase reason for the condition's + current status. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the aspect reported by this condition. + type: string + extension: + description: extension contains any additional status information + specific to the operator which owns this status object. type: object - required: - - lastTransitionTime - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - type: string - format: date-time - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be rendered - as new lines. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - extension: - description: extension contains any additional status information specific - to the operator which owns this status object. - type: object - nullable: true - x-kubernetes-preserve-unknown-fields: true - relatedObjects: - description: 'relatedObjects is a list of objects that are "interesting" - or related to this operator. Common uses are: 1. the detailed resource - driving the operator 2. operator namespaces 3. operand namespaces' - type: array - items: - description: ObjectReference contains enough information to let you - inspect or modify the referred object. - type: object - required: - - group - - name - - resource - properties: - group: - description: group of the referent. - type: string - name: - description: name of the referent. - type: string - namespace: - description: namespace of the referent. - type: string - resource: - description: resource of the referent. - type: string - versions: - description: versions is a slice of operator and operand version tuples. Operators - which manage multiple operands will have multiple operand entries - in the array. Available operators must report the version of the - operator itself with the name "operator". An operator reports a new - "operator" version when it has rolled out the new version to all of - its operands. - type: array - items: - type: object - required: - - name - - version - properties: - name: - description: name is the name of the particular operand this version - is for. It usually matches container images, not operators. - type: string - version: - description: version indicates which version of a particular operand - is currently being managed. It must always match the Available - operand. If 1.0.0 is Available, then this must indicate 1.0.0 - even if the operator is trying to rollout 1.1.0 - type: string - versions: - - name: v1 - served: true - storage: true + nullable: true + x-kubernetes-preserve-unknown-fields: true + relatedObjects: + description: 'relatedObjects is a list of objects that are "interesting" + or related to this operator. Common uses are: 1. the detailed resource + driving the operator 2. operator namespaces 3. operand namespaces' + type: array + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + type: object + required: + - group + - name + - resource + properties: + group: + description: group of the referent. + type: string + name: + description: name of the referent. + type: string + namespace: + description: namespace of the referent. + type: string + resource: + description: resource of the referent. + type: string + versions: + description: versions is a slice of operator and operand version tuples. Operators + which manage multiple operands will have multiple operand entries + in the array. Available operators must report the version of the + operator itself with the name "operator". An operator reports a + new "operator" version when it has rolled out the new version to + all of its operands. + type: array + items: + type: object + required: + - name + - version + properties: + name: + description: name is the name of the particular operand this + version is for. It usually matches container images, not + operators. + type: string + version: + description: version indicates which version of a particular + operand is currently being managed. It must always match + the Available operand. If 1.0.0 is Available, then this must + indicate 1.0.0 even if the operator is trying to rollout 1.1.0 + type: string diff --git a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml index 628538d0e5e3..c5be735b6a97 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_00_cluster-version-operator_01_clusterversion.crd.yaml @@ -1,4 +1,4 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: clusterversions.config.openshift.io @@ -7,166 +7,216 @@ metadata: include.release.openshift.io/single-node-developer: "true" spec: group: config.openshift.io + scope: Cluster versions: - name: v1 served: true storage: true - scope: Cluster - subresources: - status: {} - names: - plural: clusterversions - singular: clusterversion - kind: ClusterVersion - preserveUnknownFields: false - additionalPrinterColumns: - - name: Version - type: string - JSONPath: .status.history[?(@.state=="Completed")].version - - name: Available - type: string - JSONPath: .status.conditions[?(@.type=="Available")].status - - name: Progressing - type: string - JSONPath: .status.conditions[?(@.type=="Progressing")].status - - name: Since - type: date - JSONPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime - - name: Status - type: string - JSONPath: .status.conditions[?(@.type=="Progressing")].message - validation: - openAPIV3Schema: - description: ClusterVersion is the configuration for the ClusterVersionOperator. - This is where parameters related to automatic updates can be set. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec is the desired state of the cluster version - the operator - will work to ensure that the desired version is applied to the cluster. - type: object - required: - - clusterID - properties: - channel: - description: channel is an identifier for explicitly requesting that - a non-default set of updates be applied to this cluster. The default - channel will be contain stable updates that are appropriate for production - clusters. - type: string - clusterID: - description: clusterID uniquely identifies this cluster. This is expected - to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx - in hexadecimal values). This is a required field. - type: string - desiredUpdate: - description: "desiredUpdate is an optional field that indicates the - desired value of the cluster version. Setting this value will trigger - an upgrade (if the current version does not match the desired version). - The set of recommended update values is listed as part of available - updates in status, and setting values outside that range may cause - the upgrade to fail. You may specify the version field without setting - image if an update exists with that version in the availableUpdates - or history. \n If an upgrade fails the operator will halt and report - status about the failing component. Setting the desired update value - back to the previous version will cause a rollback to be attempted. - Not all rollbacks will succeed." - type: object - properties: - force: - description: "force allows an administrator to update to an image - that has failed verification, does not appear in the availableUpdates - list, or otherwise would be blocked by normal protections on update. - This option should only be used when the authenticity of the provided - image has been verified out of band because the provided image - will run with full administrative access to the cluster. Do not - use this flag with images that comes from unknown or potentially - malicious sources. \n This flag does not override other forms - of consistency checking that are required before a new update - is deployed." - type: boolean - image: - description: image is a container image location that contains the - update. When this field is part of spec, image is optional if - version is specified and the availableUpdates field contains a - matching version. - type: string - version: - description: version is a semantic versioning identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - overrides: - description: overrides is list of overides for components that are managed - by cluster version operator. Marking a component unmanaged will prevent - the operator from creating or updating the object. - type: array - items: - description: ComponentOverride allows overriding cluster version operator's - behavior for a component. + schema: + openAPIV3Schema: + description: ClusterVersion is the configuration for the ClusterVersionOperator. + This is where parameters related to automatic updates can be set. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec is the desired state of the cluster version - the operator + will work to ensure that the desired version is applied to the cluster. + type: object + required: + - clusterID + properties: + channel: + description: channel is an identifier for explicitly requesting that + a non-default set of updates be applied to this cluster. The default + channel will be contain stable updates that are appropriate for + production clusters. + type: string + clusterID: + description: clusterID uniquely identifies this cluster. This is expected + to be an RFC4122 UUID value (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx + in hexadecimal values). This is a required field. + type: string + desiredUpdate: + description: "desiredUpdate is an optional field that indicates the + desired value of the cluster version. Setting this value will trigger + an upgrade (if the current version does not match the desired version). + The set of recommended update values is listed as part of available + updates in status, and setting values outside that range may cause + the upgrade to fail. You may specify the version field without setting + image if an update exists with that version in the availableUpdates + or history. \n If an upgrade fails the operator will halt and report + status about the failing component. Setting the desired update value + back to the previous version will cause a rollback to be attempted. + Not all rollbacks will succeed." type: object - required: - - group - - kind - - name - - namespace - - unmanaged properties: - group: - description: group identifies the API group that the kind is in. - type: string - kind: - description: kind indentifies which object to override. - type: string - name: - description: name is the component's name. + force: + description: "force allows an administrator to update to an image + that has failed verification, does not appear in the availableUpdates + list, or otherwise would be blocked by normal protections on + update. This option should only be used when the authenticity + of the provided image has been verified out of band because + the provided image will run with full administrative access + to the cluster. Do not use this flag with images that comes + from unknown or potentially malicious sources. \n This flag + does not override other forms of consistency checking that are + required before a new update is deployed." + type: boolean + image: + description: image is a container image location that contains + the update. When this field is part of spec, image is optional + if version is specified and the availableUpdates field contains + a matching version. type: string - namespace: - description: namespace is the component's namespace. If the resource - is cluster scoped, the namespace should be empty. + version: + description: version is a semantic versioning identifying the + update version. When this field is part of spec, version is + optional if image is specified. type: string - unmanaged: - description: 'unmanaged controls if cluster version operator should - stop managing the resources in this cluster. Default: false' - type: boolean - upstream: - description: upstream may be used to specify the preferred update server. - By default it will use the appropriate update server for the cluster - and region. - type: string - status: - description: status contains information about the available updates and - any in-progress updates. - type: object - required: - - availableUpdates - - desired - - observedGeneration - - versionHash - properties: - availableUpdates: - description: availableUpdates contains the list of updates that are - appropriate for this cluster. This list may be empty if no updates - are recommended, if the update service is unavailable, or if an invalid - channel has been specified. - type: array - items: - description: Release represents an OpenShift release image and associated - metadata. + overrides: + description: overrides is list of overides for components that are + managed by cluster version operator. Marking a component unmanaged + will prevent the operator from creating or updating the object. + type: array + items: + description: ComponentOverride allows overriding cluster version + operator's behavior for a component. + type: object + required: + - group + - kind + - name + - namespace + - unmanaged + properties: + group: + description: group identifies the API group that the kind is + in. + type: string + kind: + description: kind indentifies which object to override. + type: string + name: + description: name is the component's name. + type: string + namespace: + description: namespace is the component's namespace. If the + resource is cluster scoped, the namespace should be empty. + type: string + unmanaged: + description: 'unmanaged controls if cluster version operator + should stop managing the resources in this cluster. Default: + false' + type: boolean + upstream: + description: upstream may be used to specify the preferred update + server. By default it will use the appropriate update server for + the cluster and region. + type: string + status: + description: status contains information about the available updates and + any in-progress updates. + type: object + required: + - availableUpdates + - desired + - observedGeneration + - versionHash + properties: + availableUpdates: + description: availableUpdates contains the list of updates that are + appropriate for this cluster. This list may be empty if no updates + are recommended, if the update service is unavailable, or if an + invalid channel has been specified. + type: array + items: + description: Release represents an OpenShift release image and associated + metadata. + type: object + properties: + channels: + description: channels is the set of Cincinnati channels to which + the release currently belongs. + type: array + items: + type: string + image: + description: image is a container image location that contains + the update. When this field is part of spec, image is optional + if version is specified and the availableUpdates field contains + a matching version. + type: string + url: + description: url contains information about this release. This + URL is set by the 'url' metadata property on a release or + the metadata returned by the update API and should be displayed + as a link in user interfaces. The URL field may not be set + for test or nightly releases. + type: string + version: + description: version is a semantic versioning identifying the + update version. When this field is part of spec, version is + optional if image is specified. + type: string + nullable: true + conditions: + description: conditions provides information about the cluster version. + The condition "Available" is set to true if the desiredUpdate has + been reached. The condition "Progressing" is set to true if an update + is being applied. The condition "Degraded" is set to true if an + update is currently blocked by a temporary or permanent error. Conditions + are only valid for the current desiredUpdate when metadata.generation + is equal to status.generation. + type: array + items: + description: ClusterOperatorStatusCondition represents the state + of the operator's managed and monitored components. + type: object + required: + - lastTransitionTime + - status + - type + properties: + lastTransitionTime: + description: lastTransitionTime is the time of the last update + to the current status property. + type: string + format: date-time + message: + description: message provides additional information about the + current condition. This is only to be consumed by humans. It + may contain Line Feed characters (U+000A), which should be + rendered as new lines. + type: string + reason: + description: reason is the CamelCase reason for the condition's + current status. + type: string + status: + description: status of the condition, one of True, False, Unknown. + type: string + type: + description: type specifies the aspect reported by this condition. + type: string + desired: + description: desired is the version that the cluster is reconciling + towards. If the cluster is not yet fully initialized desired will + be set with the information available, which may be an image or + a tag. type: object properties: channels: @@ -193,143 +243,92 @@ spec: update version. When this field is part of spec, version is optional if image is specified. type: string - nullable: true - conditions: - description: conditions provides information about the cluster version. - The condition "Available" is set to true if the desiredUpdate has - been reached. The condition "Progressing" is set to true if an update - is being applied. The condition "Degraded" is set to true if an update - is currently blocked by a temporary or permanent error. Conditions - are only valid for the current desiredUpdate when metadata.generation - is equal to status.generation. - type: array - items: - description: ClusterOperatorStatusCondition represents the state of - the operator's managed and monitored components. - type: object - required: - - lastTransitionTime - - status - - type - properties: - lastTransitionTime: - description: lastTransitionTime is the time of the last update - to the current status property. - type: string - format: date-time - message: - description: message provides additional information about the - current condition. This is only to be consumed by humans. It - may contain Line Feed characters (U+000A), which should be rendered - as new lines. - type: string - reason: - description: reason is the CamelCase reason for the condition's - current status. - type: string - status: - description: status of the condition, one of True, False, Unknown. - type: string - type: - description: type specifies the aspect reported by this condition. - type: string - desired: - description: desired is the version that the cluster is reconciling - towards. If the cluster is not yet fully initialized desired will - be set with the information available, which may be an image or a - tag. - type: object - properties: - channels: - description: channels is the set of Cincinnati channels to which - the release currently belongs. - type: array - items: - type: string - image: - description: image is a container image location that contains the - update. When this field is part of spec, image is optional if - version is specified and the availableUpdates field contains a - matching version. - type: string - url: - description: url contains information about this release. This URL - is set by the 'url' metadata property on a release or the metadata - returned by the update API and should be displayed as a link in - user interfaces. The URL field may not be set for test or nightly - releases. - type: string - version: - description: version is a semantic versioning identifying the update - version. When this field is part of spec, version is optional - if image is specified. - type: string - history: - description: history contains a list of the most recent versions applied - to the cluster. This value may be empty during cluster startup, and - then will be updated when a new update is being applied. The newest - update is first in the list and it is ordered by recency. Updates - in the history have state Completed if the rollout completed - if - an update was failing or halfway applied the state will be Partial. - Only a limited amount of update history is preserved. - type: array - items: - description: UpdateHistory is a single attempted update to the cluster. - type: object - required: - - completionTime - - image - - startedTime - - state - - verified - properties: - completionTime: - description: completionTime, if set, is when the update was fully - applied. The update that is currently being applied will have - a null completion time. Completion time will always be set for - entries that are not the current update (usually to the started - time of the next update). - type: string - format: date-time - nullable: true - image: - description: image is a container image location that contains - the update. This value is always populated. - type: string - startedTime: - description: startedTime is the time at which the update was started. - type: string - format: date-time - state: - description: state reflects whether the update was fully applied. - The Partial state indicates the update is not fully applied, - while the Completed state indicates the update was successfully - rolled out at least once (all parts of the update successfully - applied). - type: string - verified: - description: verified indicates whether the provided update was - properly verified before it was installed. If this is false - the cluster may not be trusted. - type: boolean - version: - description: version is a semantic versioning identifying the - update version. If the requested image does not define a version, - or if a failure occurs retrieving the image, this value may - be empty. - type: string - observedGeneration: - description: observedGeneration reports which version of the spec is - being synced. If this value is not equal to metadata.generation, then - the desired and conditions fields may represent a previous version. - type: integer - format: int64 - versionHash: - description: versionHash is a fingerprint of the content that the cluster - will be updated with. It is used by the operator to avoid unnecessary - work and is for internal use only. - type: string - versions: - - name: v1 - served: true - storage: true + history: + description: history contains a list of the most recent versions applied + to the cluster. This value may be empty during cluster startup, + and then will be updated when a new update is being applied. The + newest update is first in the list and it is ordered by recency. + Updates in the history have state Completed if the rollout completed + - if an update was failing or halfway applied the state will be + Partial. Only a limited amount of update history is preserved. + type: array + items: + description: UpdateHistory is a single attempted update to the cluster. + type: object + required: + - completionTime + - image + - startedTime + - state + - verified + properties: + completionTime: + description: completionTime, if set, is when the update was + fully applied. The update that is currently being applied + will have a null completion time. Completion time will always + be set for entries that are not the current update (usually + to the started time of the next update). + type: string + format: date-time + nullable: true + image: + description: image is a container image location that contains + the update. This value is always populated. + type: string + startedTime: + description: startedTime is the time at which the update was + started. + type: string + format: date-time + state: + description: state reflects whether the update was fully applied. + The Partial state indicates the update is not fully applied, + while the Completed state indicates the update was successfully + rolled out at least once (all parts of the update successfully + applied). + type: string + verified: + description: verified indicates whether the provided update + was properly verified before it was installed. If this is + false the cluster may not be trusted. + type: boolean + version: + description: version is a semantic versioning identifying the + update version. If the requested image does not define a version, + or if a failure occurs retrieving the image, this value may + be empty. + type: string + observedGeneration: + description: observedGeneration reports which version of the spec + is being synced. If this value is not equal to metadata.generation, + then the desired and conditions fields may represent a previous + version. + type: integer + format: int64 + versionHash: + description: versionHash is a fingerprint of the content that the + cluster will be updated with. It is used by the operator to avoid + unnecessary work and is for internal use only. + type: string + subresources: + status: {} + additionalPrinterColumns: + - name: Version + type: string + jsonPath: .status.history[?(@.state=="Completed")].version + - name: Available + type: string + jsonPath: .status.conditions[?(@.type=="Available")].status + - name: Progressing + type: string + jsonPath: .status.conditions[?(@.type=="Progressing")].status + - name: Since + type: date + jsonPath: .status.conditions[?(@.type=="Progressing")].lastTransitionTime + - name: Status + type: string + jsonPath: .status.conditions[?(@.type=="Progressing")].message + names: + plural: clusterversions + singular: clusterversion + kind: ClusterVersion diff --git a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml index 35ed9bf1746f..daed0de9fed4 100644 --- a/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml +++ b/vendor/github.com/openshift/api/config/v1/0000_10_config-operator_01_image.crd.yaml @@ -1,4 +1,4 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: images.config.openshift.io @@ -9,7 +9,6 @@ metadata: spec: group: config.openshift.io scope: Cluster - preserveUnknownFields: false names: kind: Image singular: image @@ -19,143 +18,144 @@ spec: - name: v1 served: true storage: true - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: Image governs policies related to imagestream imports and runtime - configuration for external registries. It allows cluster admins to configure - which registries OpenShift is allowed to import images from, extra CA trust - bundles for external registries, and policies to block or allow registry hostnames. - When exposing OpenShift's image registry to the public, this also lets cluster - admins specify the external hostname. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - additionalTrustedCA: - description: additionalTrustedCA is a reference to a ConfigMap containing - additional CAs that should be trusted during imagestream import, pod - image pull, build image pull, and imageregistry pullthrough. The namespace - for this config map is openshift-config. - type: object - required: - - name - properties: - name: - description: name is the metadata.name of the referenced config - map - type: string - allowedRegistriesForImport: - description: allowedRegistriesForImport limits the container image registries - that normal users may import images from. Set this list to the registries - that you trust to contain valid Docker images and that you want applications - to be able to import from. Users with permission to create Images - or ImageStreamMappings via the API are not affected by this policy - - typically only administrators or system integrations will have those - permissions. - type: array - items: - description: RegistryLocation contains a location of the registry - specified by the registry domain name. The domain name might include - wildcards, like '*' or '??'. + subresources: + status: {} + schema: + openAPIV3Schema: + description: Image governs policies related to imagestream imports and runtime + configuration for external registries. It allows cluster admins to configure + which registries OpenShift is allowed to import images from, extra CA trust + bundles for external registries, and policies to block or allow registry + hostnames. When exposing OpenShift's image registry to the public, this + also lets cluster admins specify the external hostname. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + additionalTrustedCA: + description: additionalTrustedCA is a reference to a ConfigMap containing + additional CAs that should be trusted during imagestream import, + pod image pull, build image pull, and imageregistry pullthrough. + The namespace for this config map is openshift-config. type: object + required: + - name properties: - domainName: - description: domainName specifies a domain name for the registry - In case the registry use non-standard (80 or 443) port, the - port should be included in the domain name as well. - type: string - insecure: - description: insecure indicates whether the registry is secure - (https) or insecure (http) By default (if not specified) the - registry is assumed as secure. - type: boolean - externalRegistryHostnames: - description: externalRegistryHostnames provides the hostnames for the - default external image registry. The external hostname should be set - only when the image registry is exposed externally. The first value - is used in 'publicDockerImageRepository' field in ImageStreams. The - value must be in "hostname[:port]" format. - type: array - items: - type: string - registrySources: - description: registrySources contains configuration that determines - how the container runtime should treat individual registries when - accessing images for builds+pods. (e.g. whether or not to allow insecure - access). It does not contain configuration for the internal cluster - registry. - type: object - properties: - allowedRegistries: - description: "allowedRegistries are the only registries permitted - for image pull and push actions. All other registries are denied. - \n Only one of BlockedRegistries or AllowedRegistries may be set." - type: array - items: - type: string - blockedRegistries: - description: "blockedRegistries cannot be used for image pull and - push actions. All other registries are permitted. \n Only one - of BlockedRegistries or AllowedRegistries may be set." - type: array - items: - type: string - containerRuntimeSearchRegistries: - description: 'containerRuntimeSearchRegistries are registries that - will be searched when pulling images that do not have fully qualified - domains in their pull specs. Registries will be searched in the - order provided in the list. Note: this search list only works - with the container runtime, i.e CRI-O. Will NOT work with builds - or imagestream imports.' - type: array - format: hostname - minItems: 1 - items: + name: + description: name is the metadata.name of the referenced config + map type: string - x-kubernetes-list-type: set - insecureRegistries: - description: insecureRegistries are registries which do not have - a valid TLS certificates or only support HTTP connections. - type: array - items: - type: string - status: - description: status holds observed values from the cluster. They may not - be overridden. - type: object - properties: - externalRegistryHostnames: - description: externalRegistryHostnames provides the hostnames for the - default external image registry. The external hostname should be set - only when the image registry is exposed externally. The first value - is used in 'publicDockerImageRepository' field in ImageStreams. The - value must be in "hostname[:port]" format. - type: array - items: + allowedRegistriesForImport: + description: allowedRegistriesForImport limits the container image + registries that normal users may import images from. Set this list + to the registries that you trust to contain valid Docker images + and that you want applications to be able to import from. Users + with permission to create Images or ImageStreamMappings via the + API are not affected by this policy - typically only administrators + or system integrations will have those permissions. + type: array + items: + description: RegistryLocation contains a location of the registry + specified by the registry domain name. The domain name might include + wildcards, like '*' or '??'. + type: object + properties: + domainName: + description: domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the + port should be included in the domain name as well. + type: string + insecure: + description: insecure indicates whether the registry is secure + (https) or insecure (http) By default (if not specified) the + registry is assumed as secure. + type: boolean + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + type: array + items: + type: string + registrySources: + description: registrySources contains configuration that determines + how the container runtime should treat individual registries when + accessing images for builds+pods. (e.g. whether or not to allow + insecure access). It does not contain configuration for the internal + cluster registry. + type: object + properties: + allowedRegistries: + description: "allowedRegistries are the only registries permitted + for image pull and push actions. All other registries are denied. + \n Only one of BlockedRegistries or AllowedRegistries may be + set." + type: array + items: + type: string + blockedRegistries: + description: "blockedRegistries cannot be used for image pull + and push actions. All other registries are permitted. \n Only + one of BlockedRegistries or AllowedRegistries may be set." + type: array + items: + type: string + containerRuntimeSearchRegistries: + description: 'containerRuntimeSearchRegistries are registries + that will be searched when pulling images that do not have fully + qualified domains in their pull specs. Registries will be searched + in the order provided in the list. Note: this search list only + works with the container runtime, i.e CRI-O. Will NOT work with + builds or imagestream imports.' + type: array + format: hostname + minItems: 1 + items: + type: string + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. + type: array + items: + type: string + status: + description: status holds observed values from the cluster. They may not + be overridden. + type: object + properties: + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + type: array + items: + type: string + internalRegistryHostname: + description: internalRegistryHostname sets the hostname for the default + internal image registry. The value must be in "hostname[:port]" + format. This value is set by the image registry operator which controls + the internal registry hostname. For backward compatibility, users + can still use OPENSHIFT_DEFAULT_REGISTRY environment variable but + this setting overrides the environment variable. type: string - internalRegistryHostname: - description: internalRegistryHostname sets the hostname for the default - internal image registry. The value must be in "hostname[:port]" format. - This value is set by the image registry operator which controls the - internal registry hostname. For backward compatibility, users can - still use OPENSHIFT_DEFAULT_REGISTRY environment variable but this - setting overrides the environment variable. - type: string diff --git a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go index 299adb1c9f0d..92f500dfd712 100644 --- a/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go +++ b/vendor/github.com/openshift/api/config/v1/types_cluster_operator.go @@ -142,6 +142,8 @@ type ClusterStatusConditionType string const ( // Available indicates that the operand (eg: openshift-apiserver for the // openshift-apiserver-operator), is functional and available in the cluster. + // Available=False means at least part of the component is non-functional, + // and that the condition requires immediate administrator intervention. OperatorAvailable ClusterStatusConditionType = "Available" // Progressing indicates that the operator is actively rolling out new code, @@ -162,10 +164,10 @@ const ( // persist over a long enough period to report Degraded. A service should not // report Degraded during the course of a normal upgrade. A service may report // Degraded in response to a persistent infrastructure failure that requires - // administrator intervention. For example, if a control plane host is unhealthy - // and must be replaced. An operator should report Degraded if unexpected - // errors occur over a period, but the expectation is that all unexpected errors - // are handled as operators mature. + // eventual administrator intervention. For example, if a control plane host + // is unhealthy and must be replaced. An operator should report Degraded if + // unexpected errors occur over a period, but the expectation is that all + // unexpected errors are handled as operators mature. OperatorDegraded ClusterStatusConditionType = "Degraded" // Upgradeable indicates whether the operator is in a state that is safe to upgrade. When status is `False` diff --git a/vendor/github.com/openshift/api/go.mod b/vendor/github.com/openshift/api/go.mod index 8cfba0f9f442..b3a0a203aeb2 100644 --- a/vendor/github.com/openshift/api/go.mod +++ b/vendor/github.com/openshift/api/go.mod @@ -1,14 +1,14 @@ module github.com/openshift/api -go 1.15 +go 1.16 require ( github.com/gogo/protobuf v1.3.2 - github.com/openshift/build-machinery-go v0.0.0-20210209125900-0da259a2c359 + github.com/openshift/build-machinery-go v0.0.0-20210423112049-9415d7ebd33e github.com/spf13/pflag v1.0.5 golang.org/x/tools v0.1.0 - k8s.io/api v0.21.0-rc.0 - k8s.io/apimachinery v0.21.0-rc.0 - k8s.io/code-generator v0.21.0-rc.0 + k8s.io/api v0.21.1 + k8s.io/apimachinery v0.21.1 + k8s.io/code-generator v0.21.1 k8s.io/klog/v2 v2.8.0 ) diff --git a/vendor/github.com/openshift/api/go.sum b/vendor/github.com/openshift/api/go.sum index 0d3268d5f305..496a65f549d1 100644 --- a/vendor/github.com/openshift/api/go.sum +++ b/vendor/github.com/openshift/api/go.sum @@ -102,8 +102,8 @@ github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+W github.com/onsi/ginkgo v1.11.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE= github.com/onsi/gomega v0.0.0-20170829124025-dcabb60a477c/go.mod h1:C1qb7wdrVGGVU+Z6iS04AVkA3Q65CEZX59MT0QO5uiA= github.com/onsi/gomega v1.7.0/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY= -github.com/openshift/build-machinery-go v0.0.0-20210209125900-0da259a2c359 h1:ehSDsWQiUVzJZrSEXMC7ceV9JIPEyTYqrpqu3m4Wa08= -github.com/openshift/build-machinery-go v0.0.0-20210209125900-0da259a2c359/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= +github.com/openshift/build-machinery-go v0.0.0-20210423112049-9415d7ebd33e h1:F7rBobgSjtYL3/zsgDUjlTVx3Z06hdgpoldpDcn7jzc= +github.com/openshift/build-machinery-go v0.0.0-20210423112049-9415d7ebd33e/go.mod h1:b1BuldmJlbA/xYtdZvKi+7j5YGB44qJUJDZ9zwiNCfE= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= @@ -221,12 +221,12 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.21.0-rc.0 h1:t/kW96KdNJNamYNqxaxRirahK+FaWJQ6BJPbXm5Jb+o= -k8s.io/api v0.21.0-rc.0/go.mod h1:Dkc/ZauWJrgZhjOjeBgW89xZQiTBJA2RaBKYHXPsi2Y= -k8s.io/apimachinery v0.21.0-rc.0 h1:m9dyzHb8QZAHOZKIz2SiabSif1oLsfgrnwiago/9xJA= -k8s.io/apimachinery v0.21.0-rc.0/go.mod h1:jbreFvJo3ov9rj7eWT7+sYiRx+qZuCYXwWT1bcDswPY= -k8s.io/code-generator v0.21.0-rc.0 h1:5XqZwy0dHr3LssJ9ImpO8dCjdTvZ8Bw84b90dZ46kPk= -k8s.io/code-generator v0.21.0-rc.0/go.mod h1:hUlps5+9QaTrKx+jiM4rmq7YmH8wPOIko64uZCHDh6Q= +k8s.io/api v0.21.1 h1:94bbZ5NTjdINJEdzOkpS4vdPhkb1VFpTYC9zh43f75c= +k8s.io/api v0.21.1/go.mod h1:FstGROTmsSHBarKc8bylzXih8BLNYTiS3TZcsoEDg2s= +k8s.io/apimachinery v0.21.1 h1:Q6XuHGlj2xc+hlMCvqyYfbv3H7SRGn2c8NycxJquDVs= +k8s.io/apimachinery v0.21.1/go.mod h1:jbreFvJo3ov9rj7eWT7+sYiRx+qZuCYXwWT1bcDswPY= +k8s.io/code-generator v0.21.1 h1:jvcxHpVu5dm/LMXr3GOj/jroiP8+v2YnJE9i2OVRenk= +k8s.io/code-generator v0.21.1/go.mod h1:hUlps5+9QaTrKx+jiM4rmq7YmH8wPOIko64uZCHDh6Q= k8s.io/gengo v0.0.0-20200413195148-3a45101e95ac/go.mod h1:ezvh/TsK7cY6rbqRK0oQQ8IAqLxYwwyPxAX1Pzy0ii0= k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027 h1:Uusb3oh8XcdzDF/ndlI4ToKTYVlkCSJP39SRY2mfRAw= k8s.io/gengo v0.0.0-20201214224949-b6c5ce23f027/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= diff --git a/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml index 5a90f45dbe3d..525b81c0e79c 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_10_config-operator_01_config.crd.yaml @@ -24,6 +24,8 @@ spec: schema: openAPIV3Schema: description: Config provides information to configure the config operator. + It handles installation, migration or synchronization of cloud based cluster + configurations like AWS or Azure. type: object required: - spec diff --git a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml index 9bcd8445a25e..eaaecf0b237d 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_50_ingress-operator_00-ingresscontroller.crd.yaml @@ -981,15 +981,17 @@ spec: description: "threadCount defines the number of threads created per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more - system resources being used. If this field is empty, the IngressController - will use the default value. The current default is 4 threads, - but this may change in future releases. \n Setting this field - is generally not recommended. Increasing the number of HAProxy + system resources being used. HAProxy currently supports up to + 64 threads. If this field is empty, the IngressController will + use the default value. The current default is 4 threads, but + this may change in future releases. \n Setting this field is + generally not recommended. Increasing the number of HAProxy threads allows ingress controller pods to utilize more CPU time under load, potentially starving other pods if set too high. Reducing the number of threads may cause the ingress controller to perform poorly." format: int32 + maximum: 64 minimum: 1 type: integer type: object diff --git a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml b/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml index d640e6038823..2253aaa42360 100644 --- a/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1/0000_70_console-operator.crd.yaml @@ -50,6 +50,19 @@ spec: of customization options to the web console. type: object properties: + addPage: + description: addPage allows customizing actions on the Add page + in developer perspective. + type: object + properties: + disabledActions: + description: disabledActions is a list of actions that are + not shown to users. Each action in the list is represented + by its ID. + type: array + minItems: 1 + items: + type: string brand: description: brand is the default branding of the web console which can be overridden by providing the brand field. There @@ -256,7 +269,7 @@ spec: domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default - route will be used. + route will be used. DEPRECATED type: object properties: hostname: diff --git a/vendor/github.com/openshift/api/operator/v1/types_config.go b/vendor/github.com/openshift/api/operator/v1/types_config.go index 267f3682e8d3..e073269ffa98 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_config.go +++ b/vendor/github.com/openshift/api/operator/v1/types_config.go @@ -8,7 +8,7 @@ import ( // +genclient:nonNamespaced // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object -// Config provides information to configure the config operator. +// Config provides information to configure the config operator. It handles installation, migration or synchronization of cloud based cluster configurations like AWS or Azure. type Config struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata"` diff --git a/vendor/github.com/openshift/api/operator/v1/types_console.go b/vendor/github.com/openshift/api/operator/v1/types_console.go index 866ce26faa71..2f6443df70ae 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_console.go +++ b/vendor/github.com/openshift/api/operator/v1/types_console.go @@ -40,6 +40,7 @@ type ConsoleSpec struct { // The default console route will be maintained to reserve the default hostname // for console if the custom route is removed. // If not specified, default route will be used. + // DEPRECATED // +optional Route ConsoleConfigRoute `json:"route"` // plugins defines a list of enabled console plugin names. @@ -48,6 +49,7 @@ type ConsoleSpec struct { } // ConsoleConfigRoute holds information on external route access to console. +// DEPRECATED type ConsoleConfigRoute struct { // hostname is the desired custom domain under which console will be available. Hostname string `json:"hostname"` @@ -123,6 +125,10 @@ type ConsoleCustomization struct { // +kubebuilder:validation:Optional // +optional QuickStarts QuickStarts `json:"quickStarts,omitempty"` + // addPage allows customizing actions on the Add page in developer perspective. + // +kubebuilder:validation:Optional + // +optional + AddPage AddPage `json:"addPage,omitempty"` } // ProjectAccess contains options for project access roles @@ -183,6 +189,16 @@ type QuickStarts struct { Disabled []string `json:"disabled,omitempty"` } +// AddPage allows customizing actions on the Add page in developer perspective. +type AddPage struct { + // disabledActions is a list of actions that are not shown to users. + // Each action in the list is represented by its ID. + // +kubebuilder:validation:Optional + // +kubebuilder:validation:MinItems=1 + // +optional + DisabledActions []string `json:"disabledActions,omitempty"` +} + // Brand is a specific supported brand within the console. // +kubebuilder:validation:Pattern=`^$|^(ocp|origin|okd|dedicated|online|azure)$` type Brand string diff --git a/vendor/github.com/openshift/api/operator/v1/types_ingress.go b/vendor/github.com/openshift/api/operator/v1/types_ingress.go index 235d11849299..126b53cf0d8d 100644 --- a/vendor/github.com/openshift/api/operator/v1/types_ingress.go +++ b/vendor/github.com/openshift/api/operator/v1/types_ingress.go @@ -1064,9 +1064,10 @@ type IngressControllerTuningOptions struct { // threadCount defines the number of threads created per HAProxy process. // Creating more threads allows each ingress controller pod to handle more - // connections, at the cost of more system resources being used. If this - // field is empty, the IngressController will use the default value. The - // current default is 4 threads, but this may change in future releases. + // connections, at the cost of more system resources being used. HAProxy + // currently supports up to 64 threads. If this field is empty, the + // IngressController will use the default value. The current default is 4 + // threads, but this may change in future releases. // // Setting this field is generally not recommended. Increasing the number // of HAProxy threads allows ingress controller pods to utilize more CPU @@ -1076,6 +1077,7 @@ type IngressControllerTuningOptions struct { // // +kubebuilder:validation:Optional // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=64 // +optional ThreadCount int32 `json:"threadCount,omitempty"` } diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go index 9368a39d6d8d..befbfb16c3bf 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.deepcopy.go @@ -92,6 +92,27 @@ func (in *AccessLogging) DeepCopy() *AccessLogging { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *AddPage) DeepCopyInto(out *AddPage) { + *out = *in + if in.DisabledActions != nil { + in, out := &in.DisabledActions, &out.DisabledActions + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddPage. +func (in *AddPage) DeepCopy() *AddPage { + if in == nil { + return nil + } + out := new(AddPage) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *AdditionalNetworkDefinition) DeepCopyInto(out *AdditionalNetworkDefinition) { *out = *in @@ -657,6 +678,7 @@ func (in *ConsoleCustomization) DeepCopyInto(out *ConsoleCustomization) { in.DeveloperCatalog.DeepCopyInto(&out.DeveloperCatalog) in.ProjectAccess.DeepCopyInto(&out.ProjectAccess) in.QuickStarts.DeepCopyInto(&out.QuickStarts) + in.AddPage.DeepCopyInto(&out.AddPage) return } diff --git a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go index f6996a6fd672..0324f679c502 100644 --- a/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go +++ b/vendor/github.com/openshift/api/operator/v1/zz_generated.swagger_doc_generated.go @@ -161,7 +161,7 @@ func (CloudCredentialStatus) SwaggerDoc() map[string]string { } var map_Config = map[string]string{ - "": "Config provides information to configure the config operator.", + "": "Config provides information to configure the config operator. It handles installation, migration or synchronization of cloud based cluster configurations like AWS or Azure.", "spec": "spec is the specification of the desired behavior of the Config Operator.", "status": "status defines the observed status of the Config Operator.", } @@ -179,6 +179,15 @@ func (ConfigList) SwaggerDoc() map[string]string { return map_ConfigList } +var map_AddPage = map[string]string{ + "": "AddPage allows customizing actions on the Add page in developer perspective.", + "disabledActions": "disabledActions is a list of actions that are not shown to users. Each action in the list is represented by its ID.", +} + +func (AddPage) SwaggerDoc() map[string]string { + return map_AddPage +} + var map_Console = map[string]string{ "": "Console provides a means to configure an operator to manage the console.", } @@ -188,7 +197,7 @@ func (Console) SwaggerDoc() map[string]string { } var map_ConsoleConfigRoute = map[string]string{ - "": "ConsoleConfigRoute holds information on external route access to console.", + "": "ConsoleConfigRoute holds information on external route access to console. DEPRECATED", "hostname": "hostname is the desired custom domain under which console will be available.", "secret": "secret points to secret in the openshift-config namespace that contains custom certificate and key and needs to be created manually by the cluster admin. Referenced Secret is required to contain following key value pairs: - \"tls.crt\" - to specifies custom certificate - \"tls.key\" - to specifies private key of the custom certificate If the custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed.", } @@ -206,6 +215,7 @@ var map_ConsoleCustomization = map[string]string{ "developerCatalog": "developerCatalog allows to configure the shown developer catalog categories.", "projectAccess": "projectAccess allows customizing the available list of ClusterRoles in the Developer perspective Project access page which can be used by a project admin to specify roles to other users and restrict access within the project. If set, the list will replace the default ClusterRole options.", "quickStarts": "quickStarts allows customization of available ConsoleQuickStart resources in console.", + "addPage": "addPage allows customizing actions on the Add page in developer perspective.", } func (ConsoleCustomization) SwaggerDoc() map[string]string { @@ -225,7 +235,7 @@ var map_ConsoleSpec = map[string]string{ "": "ConsoleSpec is the specification of the desired behavior of the Console.", "customization": "customization is used to optionally provide a small set of customization options to the web console.", "providers": "providers contains configuration for using specific service providers.", - "route": "route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used.", + "route": "route contains hostname and secret reference that contains the serving certificate. If a custom route is specified, a new route will be created with the provided hostname, under which console will be available. In case of custom hostname uses the default routing suffix of the cluster, the Secret specification for a serving certificate will not be needed. In case of custom hostname points to an arbitrary domain, manual DNS configurations steps are necessary. The default console route will be maintained to reserve the default hostname for console if the custom route is removed. If not specified, default route will be used. DEPRECATED", "plugins": "plugins defines a list of enabled console plugin names.", } @@ -658,7 +668,7 @@ var map_IngressControllerTuningOptions = map[string]string{ "": "IngressControllerTuningOptions specifies options for tuning the performance of ingress controller pods", "headerBufferBytes": "headerBufferBytes describes how much memory should be reserved (in bytes) for IngressController connection sessions. Note that this value must be at least 16384 if HTTP/2 is enabled for the IngressController (https://tools.ietf.org/html/rfc7540). If this field is empty, the IngressController will use a default value of 32768 bytes.\n\nSetting this field is generally not recommended as headerBufferBytes values that are too small may break the IngressController and headerBufferBytes values that are too large could cause the IngressController to use significantly more memory than necessary.", "headerBufferMaxRewriteBytes": "headerBufferMaxRewriteBytes describes how much memory should be reserved (in bytes) from headerBufferBytes for HTTP header rewriting and appending for IngressController connection sessions. Note that incoming HTTP requests will be limited to (headerBufferBytes - headerBufferMaxRewriteBytes) bytes, meaning headerBufferBytes must be greater than headerBufferMaxRewriteBytes. If this field is empty, the IngressController will use a default value of 8192 bytes.\n\nSetting this field is generally not recommended as headerBufferMaxRewriteBytes values that are too small may break the IngressController and headerBufferMaxRewriteBytes values that are too large could cause the IngressController to use significantly more memory than necessary.", - "threadCount": "threadCount defines the number of threads created per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more system resources being used. If this field is empty, the IngressController will use the default value. The current default is 4 threads, but this may change in future releases.\n\nSetting this field is generally not recommended. Increasing the number of HAProxy threads allows ingress controller pods to utilize more CPU time under load, potentially starving other pods if set too high. Reducing the number of threads may cause the ingress controller to perform poorly.", + "threadCount": "threadCount defines the number of threads created per HAProxy process. Creating more threads allows each ingress controller pod to handle more connections, at the cost of more system resources being used. HAProxy currently supports up to 64 threads. If this field is empty, the IngressController will use the default value. The current default is 4 threads, but this may change in future releases.\n\nSetting this field is generally not recommended. Increasing the number of HAProxy threads allows ingress controller pods to utilize more CPU time under load, potentially starving other pods if set too high. Reducing the number of threads may cause the ingress controller to perform poorly.", } func (IngressControllerTuningOptions) SwaggerDoc() map[string]string { diff --git a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml index 16c5e4f8e530..92d1404fcddf 100644 --- a/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml +++ b/vendor/github.com/openshift/api/operator/v1alpha1/0000_10_config-operator_01_imagecontentsourcepolicy.crd.yaml @@ -1,4 +1,4 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: imagecontentsourcepolicies.operator.openshift.io @@ -9,7 +9,6 @@ metadata: spec: group: operator.openshift.io scope: Cluster - preserveUnknownFields: false names: kind: ImageContentSourcePolicy singular: imagecontentsourcepolicy @@ -19,74 +18,76 @@ spec: - name: v1alpha1 served: true storage: true - subresources: - status: {} - "validation": - "openAPIV3Schema": - description: ImageContentSourcePolicy holds cluster-wide information about how - to handle registry mirror rules. When multiple policies are defined, the outcome - of the behavior is defined on each field. - type: object - required: - - spec - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: spec holds user settable values for configuration - type: object - properties: - repositoryDigestMirrors: - description: "repositoryDigestMirrors allows images referenced by image - digests in pods to be pulled from alternative mirrored repository - locations. The image pull specification provided to the pod will be - compared to the source locations described in RepositoryDigestMirrors - and the image may be pulled down from any of the mirrors in the list - instead of the specified repository allowing administrators to choose - a potentially faster mirror. Only image pull specifications that have - an image digest will have this behavior applied to them - tags will - continue to be pulled from the specified repository in the pull spec. - \n Each “source” repository is treated independently; configurations - for different “source” repositories don’t interact. \n When multiple - policies are defined for the same “source” repository, the sets of - defined mirrors will be merged together, preserving the relative order - of the mirrors, if possible. For example, if policy A has mirrors - `a, b, c` and policy B has mirrors `c, d, e`, the mirrors will be - used in the order `a, b, c, d, e`. If the orders of mirror entries - conflict (e.g. `a, b` vs. `b, a`) the configuration is not rejected - but the resulting order is unspecified." - type: array - items: - description: 'RepositoryDigestMirrors holds cluster-wide information - about how to handle mirros in the registries config. Note: the mirrors - only work when pulling the images that are referenced by their digests.' - type: object - required: - - source - properties: - mirrors: - description: mirrors is one or more repositories that may also - contain the same images. The order of mirrors in this list is - treated as the user's desired priority, while source is by default - considered lower priority than all mirrors. Other cluster configuration, - including (but not limited to) other repositoryDigestMirrors - objects, may impact the exact order mirrors are contacted in, - or some mirrors may be contacted in parallel, so this should - be considered a preference rather than a guarantee of ordering. - type: array - items: + subresources: + status: {} + schema: + openAPIV3Schema: + description: ImageContentSourcePolicy holds cluster-wide information about + how to handle registry mirror rules. When multiple policies are defined, + the outcome of the behavior is defined on each field. + type: object + required: + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + type: object + properties: + repositoryDigestMirrors: + description: "repositoryDigestMirrors allows images referenced by + image digests in pods to be pulled from alternative mirrored repository + locations. The image pull specification provided to the pod will + be compared to the source locations described in RepositoryDigestMirrors + and the image may be pulled down from any of the mirrors in the + list instead of the specified repository allowing administrators + to choose a potentially faster mirror. Only image pull specifications + that have an image digest will have this behavior applied to them + - tags will continue to be pulled from the specified repository + in the pull spec. \n Each “source” repository is treated independently; + configurations for different “source” repositories don’t interact. + \n When multiple policies are defined for the same “source” repository, + the sets of defined mirrors will be merged together, preserving + the relative order of the mirrors, if possible. For example, if + policy A has mirrors `a, b, c` and policy B has mirrors `c, d, e`, + the mirrors will be used in the order `a, b, c, d, e`. If the orders + of mirror entries conflict (e.g. `a, b` vs. `b, a`) the configuration + is not rejected but the resulting order is unspecified." + type: array + items: + description: 'RepositoryDigestMirrors holds cluster-wide information + about how to handle mirros in the registries config. Note: the + mirrors only work when pulling the images that are referenced + by their digests.' + type: object + required: + - source + properties: + mirrors: + description: mirrors is one or more repositories that may also + contain the same images. The order of mirrors in this list + is treated as the user's desired priority, while source is + by default considered lower priority than all mirrors. Other + cluster configuration, including (but not limited to) other + repositoryDigestMirrors objects, may impact the exact order + mirrors are contacted in, or some mirrors may be contacted + in parallel, so this should be considered a preference rather + than a guarantee of ordering. + type: array + items: + type: string + source: + description: source is the repository that users refer to, e.g. + in image pull specifications. type: string - source: - description: source is the repository that users refer to, e.g. - in image pull specifications. - type: string diff --git a/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml b/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml index ae60b571a95d..2602365503a7 100644 --- a/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml +++ b/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml @@ -1,4 +1,4 @@ -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: @@ -13,233 +13,235 @@ spec: listKind: ClusterResourceQuotaList plural: clusterresourcequotas singular: clusterresourcequota - preserveUnknownFields: false scope: Cluster - subresources: - status: {} - validation: - openAPIV3Schema: - description: ClusterResourceQuota mirrors ResourceQuota at a cluster scope. This - object is easily convertible to synthetic ResourceQuota object to allow quota - evaluation re-use. - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: Spec defines the desired quota - properties: - quota: - description: Quota defines the desired quota - properties: - hard: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - type: "" - x-kubernetes-int-or-string: true - description: 'hard is the set of desired hard limits for each named - resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' - type: object - scopeSelector: - description: scopeSelector is also a collection of filters like - scopes that must match each object tracked by a quota but expressed - using ScopeSelectorOperator in combination with possible values. - For a resource to match, both scopes AND scopeSelector (if specified - in spec), must be matched. - properties: - matchExpressions: - description: A list of scope selector requirements by scope - of the resources. - items: - description: A scoped-resource selector requirement is a selector - that contains values, a scope name, and an operator that - relates the scope name and values. - properties: - operator: - description: Represents a scope's relationship to a set - of values. Valid operators are In, NotIn, Exists, DoesNotExist. - type: string - scopeName: - description: The name of the scope that the selector applies - to. - type: string - values: - description: An array of string values. If the operator - is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: + versions: + - name: v1 + schema: + openAPIV3Schema: + description: ClusterResourceQuota mirrors ResourceQuota at a cluster scope. This + object is easily convertible to synthetic ResourceQuota object to allow + quota evaluation re-use. + type: object + required: + - metadata + - spec + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec defines the desired quota + type: object + required: + - quota + - selector + properties: + quota: + description: Quota defines the desired quota + type: object + properties: + hard: + description: 'hard is the set of desired hard limits for each + named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + scopeSelector: + description: scopeSelector is also a collection of filters like + scopes that must match each object tracked by a quota but expressed + using ScopeSelectorOperator in combination with possible values. + For a resource to match, both scopes AND scopeSelector (if specified + in spec), must be matched. + type: object + properties: + matchExpressions: + description: A list of scope selector requirements by scope + of the resources. + type: array + items: + description: A scoped-resource selector requirement is a + selector that contains values, a scope name, and an operator + that relates the scope name and values. + type: object + required: + - operator + - scopeName + properties: + operator: + description: Represents a scope's relationship to a + set of values. Valid operators are In, NotIn, Exists, + DoesNotExist. type: string - type: array - required: - - operator - - scopeName - type: object - type: array - type: object - scopes: - description: A collection of filters that must match each object - tracked by a quota. If not specified, the quota matches all objects. - items: - description: A ResourceQuotaScope defines a filter that must match - each object tracked by a quota - type: string - type: array - type: object - selector: - description: Selector is the selector used to match projects. It should - only select active projects on the scale of dozens (though it can - select many more less active projects). These projects will contend - on object creation through this resource. - properties: - annotations: - additionalProperties: - type: string - description: AnnotationSelector is used to select projects by annotation. - nullable: true - type: object - labels: - description: LabelSelector is used to select projects by label. - nullable: true - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the - key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: operator represents a key's relationship - to a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. - type: string - values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a - strategic merge patch. - items: + scopeName: + description: The name of the scope that the selector + applies to. type: string - type: array - required: - - key - - operator - type: object - type: array - matchLabels: - additionalProperties: - type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. - type: object - type: object - type: object - required: - - quota - - selector - type: object - status: - description: Status defines the actual enforced quota and its current usage - properties: - namespaces: - description: Namespaces slices the usage by project. This division - allows for quick resolution of deletion reconciliation inside of a - single project without requiring a recalculation across all projects. This - can be used to pull the deltas for a given project. - items: - description: ResourceQuotaStatusByNamespace gives status for a particular - project + values: + description: An array of string values. If the operator + is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during + a strategic merge patch. + type: array + items: + type: string + scopes: + description: A collection of filters that must match each object + tracked by a quota. If not specified, the quota matches all + objects. + type: array + items: + description: A ResourceQuotaScope defines a filter that must + match each object tracked by a quota + type: string + selector: + description: Selector is the selector used to match projects. It should + only select active projects on the scale of dozens (though it can + select many more less active projects). These projects will contend + on object creation through this resource. + type: object properties: - namespace: - description: Namespace the project this status applies to - type: string - status: - description: Status indicates how many resources have been consumed - by this project + annotations: + description: AnnotationSelector is used to select projects by + annotation. + type: object + additionalProperties: + type: string + nullable: true + labels: + description: LabelSelector is used to select projects by label. + type: object properties: - hard: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Hard is the set of enforced hard limits for - each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + type: array + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + type: object + required: + - key + - operator + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + type: array + items: + type: string + matchLabels: + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. type: object - used: additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Used is the current observed total usage of the - resource in the namespace. - type: object - type: object - required: - - namespace - - status - type: object - nullable: true - type: array - total: - description: Total defines the actual enforced quota and its current - usage across all projects - properties: - hard: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Hard is the set of enforced hard limits for each named - resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' - type: object - used: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: Used is the current observed total usage of the resource - in the namespace. + type: string + nullable: true + status: + description: Status defines the actual enforced quota and its current + usage + type: object + required: + - total + properties: + namespaces: + description: Namespaces slices the usage by project. This division + allows for quick resolution of deletion reconciliation inside of + a single project without requiring a recalculation across all projects. This + can be used to pull the deltas for a given project. + type: array + items: + description: ResourceQuotaStatusByNamespace gives status for a particular + project type: object - type: object - required: - - total - type: object - required: - - metadata - - spec - type: object - versions: - - name: v1 + required: + - namespace + - status + properties: + namespace: + description: Namespace the project this status applies to + type: string + status: + description: Status indicates how many resources have been consumed + by this project + type: object + properties: + hard: + description: 'Hard is the set of enforced hard limits for + each named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + used: + description: Used is the current observed total usage of + the resource in the namespace. + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + nullable: true + total: + description: Total defines the actual enforced quota and its current + usage across all projects + type: object + properties: + hard: + description: 'Hard is the set of enforced hard limits for each + named resource. More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/' + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true + used: + description: Used is the current observed total usage of the resource + in the namespace. + type: object + additionalProperties: + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + anyOf: + - type: integer + - type: string + x-kubernetes-int-or-string: true served: true storage: true + subresources: + status: {} diff --git a/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml-merge-patch b/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml-merge-patch deleted file mode 100644 index 1897fdbee9ed..000000000000 --- a/vendor/github.com/openshift/api/quota/v1/0000_03_quota-openshift_01_clusterresourcequota.crd.yaml-merge-patch +++ /dev/null @@ -1,13 +0,0 @@ -spec: - validation: - openAPIV3Schema: - properties: - spec: - properties: - quota: - properties: - hard: - additionalProperties: - type: "" - x-kubernetes-int-or-string: true - diff --git a/vendor/github.com/openshift/library-go/pkg/image/imageutil/helpers.go b/vendor/github.com/openshift/library-go/pkg/image/imageutil/helpers.go index d35c052f37c6..24b8533f134c 100644 --- a/vendor/github.com/openshift/library-go/pkg/image/imageutil/helpers.go +++ b/vendor/github.com/openshift/library-go/pkg/image/imageutil/helpers.go @@ -222,6 +222,16 @@ func PrioritizeTags(tags []string) { } } +// SpecHasTag returns named tag from image stream's spec and boolean whether one was found. +func SpecHasTag(stream *imagev1.ImageStream, name string) (imagev1.TagReference, bool) { + for _, tag := range stream.Spec.Tags { + if tag.Name == name { + return tag, true + } + } + return imagev1.TagReference{}, false +} + // StatusHasTag returns named tag from image stream's status and boolean whether one was found. func StatusHasTag(stream *imagev1.ImageStream, name string) (imagev1.NamedTagEventList, bool) { for _, tag := range stream.Status.Tags { @@ -286,10 +296,149 @@ func ImageWithMetadataOrDie(image *imagev1.Image) { } } +// TagReferencesLocalTag returns true if the provided tag reference references another image stream tag +// in the current image stream. This is only true when from points to an ImageStreamTag without a colon +// or from.name is :. +func TagReferencesLocalTag(stream *imagev1.ImageStream, tag imagev1.TagReference) (string, bool) { + if tag.From == nil || tag.From.Kind != "ImageStreamTag" { + return "", false + } + if len(tag.From.Namespace) > 0 && tag.From.Namespace != stream.Namespace { + return "", false + } + ref := strings.TrimPrefix(tag.From.Name, stream.Name+":") + if strings.Contains(ref, ":") { + return "", false + } + return ref, true +} + +var ( + // ErrNoStreamRepository is returned if the status dockerImageRepository field was unset but the + // method required that value to create a pull spec. + ErrNoStreamRepository = fmt.Errorf("no image repository has been set on the image stream status") + // ErrWaitForPullSpec is returned when a pull spec cannot be inferred from the image stream automatically + // and the user requires a valid image tag. + ErrWaitForPullSpec = fmt.Errorf("the pull spec cannot be determined yet") +) + +// ResolveNewestPullSpecForTag returns the most recent available pull spec for the given tag, even +// if importing that pull spec is still in progress or has failed. Use this method when the current +// state of the tag as the user sees it is important because you don't want to silently ignore a +// newer tag request that hasn't yet been imported. Note that if no image has been tagged or pushed, +// pullSpec will still be returned pointing to the pull spec for the tag within the image repository +// (: unless defaultExternal is set) and isTagEmpty will be true. +// hasStatus is true if the returned pull spec points to an imported / pushed image, or false if +// a spec tag has not been specified, the spec tag hasn't been imported, or the import has failed. +// An error is returned only if isTagEmpty is true and status.dockerImageRepository is unset because +// the administrator has not installed a registry server. +// +// Use this method when you need the user intent pull spec and you do not want to tolerate a slightly +// older image (tooling that needs to error if the user's intent in tagging isn't realized). +func ResolveNewestPullSpecForTag(stream *imagev1.ImageStream, tag string, defaultExternal bool) (pullSpec string, hasStatus, isTagEmpty bool, err error) { + pullSpec, _, hasStatus, isTagEmpty, err = resolvePullSpecForTag(stream, tag, defaultExternal, true) + return pullSpec, hasStatus, isTagEmpty, err +} + +// ResolveRecentPullSpecForTag returns the most recent successfully imported pull sec for the +// given tag, i.e. "last-known-good". Use this method when you can tolerate some lag in picking up +// the newest version. This method is roughly equivalent to the behavior of pulling the pod from +// the internal registry. If no image has been tagged or pushed, pullSpec will still be returned +// pointing to the pull spec for the tag within the image repository +// (: unless defaultExternal is set) and isTagEmpty will be true. +// hasNewer is true if the pull spec does not represent the newest user input, or false if the +// current user spec tag has been imported successfully. hasStatus is true if the returned pull +// spec points to an imported / pushed image, or false if a spec tag has not been specified, the +// spec tag hasn't been imported, or the import has failed. An error is returned only if isTagEmpty +// is true and status.dockerImageRepository is unset because the administrator has not installed a +// registry server. +// +// This method is typically used by consumers that need the value at the tag and prefer to have a +// slightly older image over not getting any image at all (or if the image can't be imported +// due to temporary network or controller issues). +func ResolveRecentPullSpecForTag(stream *imagev1.ImageStream, tag string, defaultExternal bool) (pullSpec string, hasNewer, hasStatus, isTagEmpty bool, err error) { + pullSpec, hasNewer, hasStatus, isTagEmpty, err = resolvePullSpecForTag(stream, tag, defaultExternal, false) + return pullSpec, hasNewer, hasStatus, isTagEmpty, err +} + +// resolvePullSpecForTag handles finding the most accurate pull spec depending on whether the user +// requires the latest or simply wants the most recent imported version (ignores pending imports). +// If a pull spec cannot be inferred an error is returned. Otherwise the following status values are +// returned: +// +// * hasNewer - a newer version of this tag is being imported but is not ready +// * hasStatus - this pull spec points to the latest image in the status (has been imported / pushed) +// * isTagEmpty - no pull spec or push has occurred to this tag, but it's still possible to get a pull spec +// +// defaultExternal is considered when isTagEmpty is true (no user input provided) and calculates the pull +// spec from the external repository base (status.publicDockerImageRepository) if it is set. +func resolvePullSpecForTag(stream *imagev1.ImageStream, tag string, defaultExternal, requireLatest bool) (pullSpec string, hasNewer, hasStatus, isTagEmpty bool, err error) { + if len(tag) == 0 { + tag = imagev1.DefaultImageTag + } + status, _ := StatusHasTag(stream, tag) + spec, hasSpec := SpecHasTag(stream, tag) + hasSpecTagRef := hasSpec && spec.From != nil && spec.From.Kind == "DockerImage" && spec.ReferencePolicy.Type == imagev1.SourceTagReferencePolicy + + var event *imagev1.TagEvent + switch { + case len(status.Items) == 0: + // nothing in status: + // - waiting for import of first image (generation of spec > status) + // - spec is empty + // - spec is a ref tag to something else that hasn't been imported yet + // - spec is a ref tag to another spec tag on this same image stream that doesn't exist + + case hasSpec && spec.Generation != nil && *spec.Generation > status.Items[0].Generation: + // waiting for import because spec generation is newer and had a previous image + if requireLatest { + // note: if spec tag doesn't have a DockerImage kind, we'll have to wait for whatever + // logic is necessary for import to run (this could happen if a new Kind is introduced) + if !hasSpecTagRef { + return "", hasNewer, false, false, ErrWaitForPullSpec + } + } else { + event = &status.Items[0] + hasNewer = true + } + default: + // this is the latest version of the image + event = &status.Items[0] + } + + switch { + case event != nil: + hasStatus = true + pullSpec = resolveReferenceForTagEvent(stream, spec, event) + case hasSpecTagRef: + // if the user explicitly provided a spec tag we can use + pullSpec = resolveReferenceForTagEvent(stream, spec, &imagev1.TagEvent{ + DockerImageReference: spec.From.Name, + }) + default: + isTagEmpty = true + repositorySpec := stream.Status.DockerImageRepository + if defaultExternal && len(stream.Status.PublicDockerImageRepository) > 0 { + repositorySpec = stream.Status.PublicDockerImageRepository + } + if len(repositorySpec) == 0 { + return "", false, false, false, ErrNoStreamRepository + } + pullSpec = JoinImageStreamTag(repositorySpec, tag) + } + return pullSpec, hasNewer, hasStatus, isTagEmpty, nil +} + // ResolveLatestTaggedImage returns the appropriate pull spec for a given tag in // the image stream, handling the tag's reference policy if necessary to return // a resolved image. Callers that transform an ImageStreamTag into a pull spec -// should use this method instead of LatestTaggedImage. +// should use this method instead of LatestTaggedImage. This method ignores pending +// imports (meaning the requested image may be stale) and will return no pull spec +// even if one is available on the spec tag (when importing kind DockerImage) if +// import has not completed. +// +// Use ResolvePullSpecForTag() if you wish more control over what type of pull spec +// is returned and what scenarios should be handled. func ResolveLatestTaggedImage(stream *imagev1.ImageStream, tag string) (string, bool) { if len(tag) == 0 { tag = imagev1.DefaultImageTag @@ -300,31 +449,21 @@ func ResolveLatestTaggedImage(stream *imagev1.ImageStream, tag string) (string, // ResolveTagReference applies the tag reference rules for a stream, tag, and tag event for // that tag. It returns true if the tag is func resolveTagReference(stream *imagev1.ImageStream, tag string, latest *imagev1.TagEvent) (string, bool) { + // no image has been imported, so we can't resolve to a tagged image (we need an image id) if latest == nil { return "", false } - return resolveReferenceForTagEvent(stream, tag, latest), true -} - -// SpecHasTag returns named tag from image stream's spec and boolean whether one was found. -func SpecHasTag(stream *imagev1.ImageStream, name string) (imagev1.TagReference, bool) { - for _, tag := range stream.Spec.Tags { - if tag.Name == name { - return tag, true - } - } - return imagev1.TagReference{}, false -} - -// ResolveReferenceForTagEvent applies the tag reference rules for a stream, tag, and tag event for -// that tag. -func resolveReferenceForTagEvent(stream *imagev1.ImageStream, tag string, latest *imagev1.TagEvent) string { // retrieve spec policy - if not found, we use the latest spec ref, ok := SpecHasTag(stream, tag) if !ok { - return latest.DockerImageReference + return latest.DockerImageReference, true } + return resolveReferenceForTagEvent(stream, ref, latest), true +} +// resolveReferenceForTagEvent applies the tag reference rules for a stream, tag, and tag event for +// that tag. +func resolveReferenceForTagEvent(stream *imagev1.ImageStream, ref imagev1.TagReference, latest *imagev1.TagEvent) string { switch ref.ReferencePolicy.Type { // the local reference policy attempts to use image pull through on the integrated // registry if possible diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go index a8e5f25f1fdc..854e29f596c1 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/core.go @@ -13,6 +13,7 @@ import ( "k8s.io/apimachinery/pkg/api/equality" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/sets" coreclientv1 "k8s.io/client-go/kubernetes/typed/core/v1" "github.com/openshift/library-go/pkg/operator/events" @@ -327,25 +328,41 @@ func ApplySecret(client coreclientv1.SecretsGetter, recorder events.Recorder, re return actual, true, err } +// SyncConfigMap applies a ConfigMap from a location `sourceNamespace/sourceName` to `targetNamespace/targetName` func SyncConfigMap(client coreclientv1.ConfigMapsGetter, recorder events.Recorder, sourceNamespace, sourceName, targetNamespace, targetName string, ownerRefs []metav1.OwnerReference) (*corev1.ConfigMap, bool, error) { + return SyncPartialConfigMap(client, recorder, sourceNamespace, sourceName, targetNamespace, targetName, nil, ownerRefs) +} + +// SyncPartialConfigMap does what SyncConfigMap does but it only synchronizes a subset of keys given by `syncedKeys`. +// SyncPartialConfigMap will delete the target if `syncedKeys` are set but the source does not contain any of these keys. +func SyncPartialConfigMap(client coreclientv1.ConfigMapsGetter, recorder events.Recorder, sourceNamespace, sourceName, targetNamespace, targetName string, syncedKeys sets.String, ownerRefs []metav1.OwnerReference) (*corev1.ConfigMap, bool, error) { source, err := client.ConfigMaps(sourceNamespace).Get(context.TODO(), sourceName, metav1.GetOptions{}) switch { case apierrors.IsNotFound(err): - deleteErr := client.ConfigMaps(targetNamespace).Delete(context.TODO(), targetName, metav1.DeleteOptions{}) - if _, getErr := client.ConfigMaps(targetNamespace).Get(context.TODO(), targetName, metav1.GetOptions{}); getErr != nil && apierrors.IsNotFound(getErr) { - return nil, true, nil - } - if apierrors.IsNotFound(deleteErr) { - return nil, false, nil - } - if deleteErr == nil { - recorder.Eventf("TargetConfigDeleted", "Deleted target configmap %s/%s because source config does not exist", targetNamespace, targetName) - return nil, true, nil - } - return nil, false, deleteErr + modified, err := deleteConfigMapSyncTarget(client, recorder, targetNamespace, targetName) + return nil, modified, err case err != nil: return nil, false, err default: + if len(syncedKeys) > 0 { + for sourceKey := range source.Data { + if !syncedKeys.Has(sourceKey) { + delete(source.Data, sourceKey) + } + } + for sourceKey := range source.BinaryData { + if !syncedKeys.Has(sourceKey) { + delete(source.BinaryData, sourceKey) + } + } + + // remove the synced CM if the requested fields are not present in source + if len(source.Data)+len(source.BinaryData) == 0 { + modified, err := deleteConfigMapSyncTarget(client, recorder, targetNamespace, targetName) + return nil, modified, err + } + } + source.Namespace = targetNamespace source.Name = targetName source.ResourceVersion = "" @@ -354,22 +371,31 @@ func SyncConfigMap(client coreclientv1.ConfigMapsGetter, recorder events.Recorde } } +func deleteConfigMapSyncTarget(client coreclientv1.ConfigMapsGetter, recorder events.Recorder, targetNamespace, targetName string) (bool, error) { + err := client.ConfigMaps(targetNamespace).Delete(context.TODO(), targetName, metav1.DeleteOptions{}) + if apierrors.IsNotFound(err) { + return false, nil + } + if err == nil { + recorder.Eventf("TargetConfigDeleted", "Deleted target configmap %s/%s because source config does not exist", targetNamespace, targetName) + return true, nil + } + return false, err +} + +// SyncSecret applies a Secret from a location `sourceNamespace/sourceName` to `targetNamespace/targetName` func SyncSecret(client coreclientv1.SecretsGetter, recorder events.Recorder, sourceNamespace, sourceName, targetNamespace, targetName string, ownerRefs []metav1.OwnerReference) (*corev1.Secret, bool, error) { + return SyncPartialSecret(client, recorder, sourceNamespace, sourceName, targetNamespace, targetName, nil, ownerRefs) +} + +// SyncPartialSecret does what SyncSecret does but it only synchronizes a subset of keys given by `syncedKeys`. +// SyncPartialSecret will delete the target if `syncedKeys` are set but the source does not contain any of these keys. +func SyncPartialSecret(client coreclientv1.SecretsGetter, recorder events.Recorder, sourceNamespace, sourceName, targetNamespace, targetName string, syncedKeys sets.String, ownerRefs []metav1.OwnerReference) (*corev1.Secret, bool, error) { source, err := client.Secrets(sourceNamespace).Get(context.TODO(), sourceName, metav1.GetOptions{}) switch { case apierrors.IsNotFound(err): - if _, getErr := client.Secrets(targetNamespace).Get(context.TODO(), targetName, metav1.GetOptions{}); getErr != nil && apierrors.IsNotFound(getErr) { - return nil, true, nil - } - deleteErr := client.Secrets(targetNamespace).Delete(context.TODO(), targetName, metav1.DeleteOptions{}) - if apierrors.IsNotFound(deleteErr) { - return nil, false, nil - } - if deleteErr == nil { - recorder.Eventf("TargetSecretDeleted", "Deleted target secret %s/%s because source config does not exist", targetNamespace, targetName) - return nil, true, nil - } - return nil, false, deleteErr + modified, err := deleteSecretSyncTarget(client, recorder, targetNamespace, targetName) + return nil, modified, err case err != nil: return nil, false, err default: @@ -391,6 +417,25 @@ func SyncSecret(client coreclientv1.SecretsGetter, recorder events.Recorder, sou source.Type = corev1.SecretTypeOpaque } + if len(syncedKeys) > 0 { + for sourceKey := range source.Data { + if !syncedKeys.Has(sourceKey) { + delete(source.Data, sourceKey) + } + } + for sourceKey := range source.StringData { + if !syncedKeys.Has(sourceKey) { + delete(source.StringData, sourceKey) + } + } + + // remove the synced secret if the requested fields are not present in source + if len(source.Data)+len(source.StringData) == 0 { + modified, err := deleteSecretSyncTarget(client, recorder, targetNamespace, targetName) + return nil, modified, err + } + } + source.Namespace = targetNamespace source.Name = targetName source.ResourceVersion = "" @@ -398,3 +443,15 @@ func SyncSecret(client coreclientv1.SecretsGetter, recorder events.Recorder, sou return ApplySecret(client, recorder, source) } } + +func deleteSecretSyncTarget(client coreclientv1.SecretsGetter, recorder events.Recorder, targetNamespace, targetName string) (bool, error) { + err := client.Secrets(targetNamespace).Delete(context.TODO(), targetName, metav1.DeleteOptions{}) + if apierrors.IsNotFound(err) { + return false, nil + } + if err == nil { + recorder.Eventf("TargetSecretDeleted", "Deleted target secret %s/%s because source config does not exist", targetNamespace, targetName) + return true, nil + } + return false, err +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/monitoring.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/monitoring.go index 4f333b8adaf3..f929481fe5f0 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/monitoring.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/monitoring.go @@ -3,23 +3,22 @@ package resourceapply import ( "context" - "github.com/imdario/mergo" - "k8s.io/klog/v2" - + "github.com/openshift/library-go/pkg/operator/events" "k8s.io/apimachinery/pkg/api/equality" "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/client-go/dynamic" - - "github.com/openshift/library-go/pkg/operator/events" + "k8s.io/klog/v2" ) var serviceMonitorGVR = schema.GroupVersionResource{Group: "monitoring.coreos.com", Version: "v1", Resource: "servicemonitors"} -func ensureGenericSpec(required, existing *unstructured.Unstructured) (*unstructured.Unstructured, bool, error) { - requiredSpec, _, err := unstructured.NestedMap(required.UnstructuredContent(), "spec") +func ensureGenericSpec(required, existing *unstructured.Unstructured, mimicDefaultingFn mimicDefaultingFunc, equalityChecker equalityChecker) (*unstructured.Unstructured, bool, error) { + requiredCopy := required.DeepCopy() + mimicDefaultingFn(requiredCopy) + requiredSpec, _, err := unstructured.NestedMap(requiredCopy.UnstructuredContent(), "spec") if err != nil { return nil, false, err } @@ -28,22 +27,33 @@ func ensureGenericSpec(required, existing *unstructured.Unstructured) (*unstruct return nil, false, err } - if err := mergo.Merge(&existingSpec, &requiredSpec); err != nil { - return nil, false, err - } - - if equality.Semantic.DeepEqual(existingSpec, requiredSpec) { + if equalityChecker.DeepEqual(existingSpec, requiredSpec) { return existing, false, nil } existingCopy := existing.DeepCopy() - if err := unstructured.SetNestedMap(existingCopy.UnstructuredContent(), existingSpec, "spec"); err != nil { + if err := unstructured.SetNestedMap(existingCopy.UnstructuredContent(), requiredSpec, "spec"); err != nil { return nil, true, err } return existingCopy, true, nil } +// mimicDefaultingFunc is used to set fields that are defaulted. This allows for sparse manifests to apply correctly. +// For instance, if field .spec.foo is set to 10 if not set, then a function of this type could be used to set +// the field to 10 to match the comparison. This is soemtimes (often?) easier than updating the semantic equality. +// We often see this in places like RBAC and CRD. Logically it can happen generically too. +type mimicDefaultingFunc func(obj *unstructured.Unstructured) + +func noDefaulting(obj *unstructured.Unstructured) {} + +// equalityChecker allows for custom equality comparisons. This can be used to allow equality checks to skip certain +// operator managed fields. This capability allows something like .spec.scale to be specified or changed by a component +// like HPA. Use this capability sparingly. Most places ought to just use `equality.Semantic` +type equalityChecker interface { + DeepEqual(a1, a2 interface{}) bool +} + // ApplyServiceMonitor applies the Prometheus service monitor. func ApplyServiceMonitor(client dynamic.Interface, recorder events.Recorder, required *unstructured.Unstructured) (*unstructured.Unstructured, bool, error) { namespace := required.GetNamespace() @@ -64,20 +74,20 @@ func ApplyServiceMonitor(client dynamic.Interface, recorder events.Recorder, req existingCopy := existing.DeepCopy() - updated, endpointsModified, err := ensureGenericSpec(required, existingCopy) + toUpdate, modified, err := ensureGenericSpec(required, existingCopy, noDefaulting, equality.Semantic) if err != nil { return nil, false, err } - if !endpointsModified { + if !modified { return nil, false, nil } if klog.V(4).Enabled() { - klog.Infof("ServiceMonitor %q changes: %v", namespace+"/"+required.GetName(), JSONPatchNoError(existing, existingCopy)) + klog.Infof("ServiceMonitor %q changes: %v", namespace+"/"+required.GetName(), JSONPatchNoError(existing, toUpdate)) } - newObj, err := client.Resource(serviceMonitorGVR).Namespace(namespace).Update(context.TODO(), updated, metav1.UpdateOptions{}) + newObj, err := client.Resource(serviceMonitorGVR).Namespace(namespace).Update(context.TODO(), toUpdate, metav1.UpdateOptions{}) if err != nil { recorder.Warningf("ServiceMonitorUpdateFailed", "Failed to update ServiceMonitor.monitoring.coreos.com/v1: %v", err) return nil, true, err @@ -109,20 +119,20 @@ func ApplyPrometheusRule(client dynamic.Interface, recorder events.Recorder, req existingCopy := existing.DeepCopy() - updated, endpointsModified, err := ensureGenericSpec(required, existingCopy) + toUpdate, modified, err := ensureGenericSpec(required, existingCopy, noDefaulting, equality.Semantic) if err != nil { return nil, false, err } - if !endpointsModified { + if !modified { return nil, false, nil } if klog.V(4).Enabled() { - klog.Infof("PrometheusRule %q changes: %v", namespace+"/"+required.GetName(), JSONPatchNoError(existing, existingCopy)) + klog.Infof("PrometheusRule %q changes: %v", namespace+"/"+required.GetName(), JSONPatchNoError(existing, toUpdate)) } - newObj, err := client.Resource(prometheusRuleGVR).Namespace(namespace).Update(context.TODO(), updated, metav1.UpdateOptions{}) + newObj, err := client.Resource(prometheusRuleGVR).Namespace(namespace).Update(context.TODO(), toUpdate, metav1.UpdateOptions{}) if err != nil { recorder.Warningf("PrometheusRuleUpdateFailed", "Failed to update PrometheusRule.monitoring.coreos.com/v1: %v", err) return nil, true, err diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/unstructured.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/unstructured.go index 9c095e4950ac..a18447423b1e 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/unstructured.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/unstructured.go @@ -17,6 +17,8 @@ func ApplyKnownUnstructured(client dynamic.Interface, recorder events.Recorder, return ApplyServiceMonitor(client, recorder, obj) case schema.GroupKind{Group: "monitoring.coreos.com", Kind: "PrometheusRule"}: return ApplyPrometheusRule(client, recorder, obj) + case schema.GroupKind{Group: "snapshot.storage.k8s.io", Kind: "VolumeSnapshotClass"}: + return ApplyVolumeSnapshotClass(client, recorder, obj) } diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/volumesnapshotclass.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/volumesnapshotclass.go new file mode 100644 index 000000000000..c3e557e48e50 --- /dev/null +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourceapply/volumesnapshotclass.go @@ -0,0 +1,116 @@ +package resourceapply + +import ( + "context" + + "k8s.io/klog/v2" + + "k8s.io/apimachinery/pkg/api/equality" + "k8s.io/apimachinery/pkg/api/errors" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/client-go/dynamic" + + "github.com/openshift/library-go/pkg/operator/events" +) + +const ( + VolumeSnapshotClassGroup = "snapshot.storage.k8s.io" + VolumeSnapshotClassVersion = "v1" + VolumeSnapshotClassResource = "volumesnapshotclasses" +) + +var volumeSnapshotClassResourceGVR schema.GroupVersionResource = schema.GroupVersionResource{ + Group: VolumeSnapshotClassGroup, + Version: VolumeSnapshotClassVersion, + Resource: VolumeSnapshotClassResource, +} + +func ensureGenericVolumeSnapshotClass(required, existing *unstructured.Unstructured) (*unstructured.Unstructured, bool, error) { + var existingCopy *unstructured.Unstructured + + // Apply "parameters" + requiredParameters, _, err := unstructured.NestedMap(required.UnstructuredContent(), "parameters") + if err != nil { + return nil, false, err + } + existingParameters, _, err := unstructured.NestedMap(existing.UnstructuredContent(), "parameters") + if err != nil { + return nil, false, err + } + if !equality.Semantic.DeepEqual(existingParameters, requiredParameters) { + if existingCopy == nil { + existingCopy = existing.DeepCopy() + } + if err := unstructured.SetNestedMap(existingCopy.UnstructuredContent(), requiredParameters, "parameters"); err != nil { + return nil, true, err + } + } + + // Apply "driver" and "deletionPolicy" + for _, fieldName := range []string{"driver", "deletionPolicy"} { + requiredField, _, err := unstructured.NestedString(required.UnstructuredContent(), fieldName) + if err != nil { + return nil, false, err + } + existingField, _, err := unstructured.NestedString(existing.UnstructuredContent(), fieldName) + if err != nil { + return nil, false, err + } + if requiredField != existingField { + if existingCopy == nil { + existingCopy = existing.DeepCopy() + } + if err := unstructured.SetNestedField(existingCopy.UnstructuredContent(), requiredField, fieldName); err != nil { + return nil, true, err + } + } + } + + // If existingCopy is not nil, then the object has been modified + if existingCopy != nil { + return existingCopy, true, nil + } + + return existing, false, nil +} + +// ApplyVolumeSnapshotClass applies Volume Snapshot Class. +func ApplyVolumeSnapshotClass(client dynamic.Interface, recorder events.Recorder, required *unstructured.Unstructured) (*unstructured.Unstructured, bool, error) { + existing, err := client.Resource(volumeSnapshotClassResourceGVR).Get(context.TODO(), required.GetName(), metav1.GetOptions{}) + if errors.IsNotFound(err) { + newObj, createErr := client.Resource(volumeSnapshotClassResourceGVR).Create(context.TODO(), required, metav1.CreateOptions{}) + if createErr != nil { + recorder.Warningf("VolumeSnapshotClassCreateFailed", "Failed to create VolumeSnapshotClass.snapshot.storage.k8s.io/v1: %v", createErr) + return nil, true, createErr + } + recorder.Eventf("VolumeSnapshotClassCreated", "Created VolumeSnapshotClass.snapshot.storage.k8s.io/v1 because it was missing") + return newObj, true, nil + } + if err != nil { + return nil, false, err + } + + toUpdate, modified, err := ensureGenericVolumeSnapshotClass(required, existing) + if err != nil { + return nil, false, err + } + + if !modified { + return existing, false, nil + } + + if klog.V(4).Enabled() { + klog.Infof("VolumeSnapshotClass %q changes: %v", required.GetName(), JSONPatchNoError(existing, toUpdate)) + } + + newObj, err := client.Resource(volumeSnapshotClassResourceGVR).Update(context.TODO(), toUpdate, metav1.UpdateOptions{}) + if err != nil { + recorder.Warningf("VolumeSnapshotClassFailed", "Failed to update VolumeSnapshotClass.snapshot.storage.k8s.io/v1: %v", err) + return nil, true, err + } + + recorder.Eventf("VolumeSnapshotClassUpdated", "Updated VolumeSnapshotClass.snapshot.storage.k8s.io/v1 because it changed") + return newObj, true, err +} diff --git a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/apiextensions.go b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/apiextensions.go index 06e4743f47aa..754a5aabe899 100644 --- a/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/apiextensions.go +++ b/vendor/github.com/openshift/library-go/pkg/operator/resource/resourcemerge/apiextensions.go @@ -1,9 +1,12 @@ package resourcemerge import ( + "strings" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" apiextensionsv1beta1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1" "k8s.io/apimachinery/pkg/api/equality" + utilpointer "k8s.io/utils/pointer" ) // EnsureCustomResourceDefinitionV1Beta1 ensures that the existing matches the required. @@ -23,9 +26,43 @@ func EnsureCustomResourceDefinitionV1Beta1(modified *bool, existing *apiextensio func EnsureCustomResourceDefinitionV1(modified *bool, existing *apiextensionsv1.CustomResourceDefinition, required apiextensionsv1.CustomResourceDefinition) { EnsureObjectMeta(modified, &existing.ObjectMeta, required.ObjectMeta) + // we need to match defaults + mimicCRDV1Defaulting(&required) // we stomp everything if !equality.Semantic.DeepEqual(existing.Spec, required.Spec) { *modified = true existing.Spec = required.Spec } } + +func mimicCRDV1Defaulting(required *apiextensionsv1.CustomResourceDefinition) { + crd_SetDefaults_CustomResourceDefinitionSpec(&required.Spec) + + if required.Spec.Conversion != nil && + required.Spec.Conversion.Webhook != nil && + required.Spec.Conversion.Webhook.ClientConfig != nil && + required.Spec.Conversion.Webhook.ClientConfig.Service != nil { + crd_SetDefaults_ServiceReference(required.Spec.Conversion.Webhook.ClientConfig.Service) + } +} + +// lifted from https://github.com/kubernetes/kubernetes/blob/v1.21.0/staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/defaults.go#L42-L61 +func crd_SetDefaults_CustomResourceDefinitionSpec(obj *apiextensionsv1.CustomResourceDefinitionSpec) { + if len(obj.Names.Singular) == 0 { + obj.Names.Singular = strings.ToLower(obj.Names.Kind) + } + if len(obj.Names.ListKind) == 0 && len(obj.Names.Kind) > 0 { + obj.Names.ListKind = obj.Names.Kind + "List" + } + if obj.Conversion == nil { + obj.Conversion = &apiextensionsv1.CustomResourceConversion{ + Strategy: apiextensionsv1.NoneConverter, + } + } +} + +func crd_SetDefaults_ServiceReference(obj *apiextensionsv1.ServiceReference) { + if obj.Port == nil { + obj.Port = utilpointer.Int32Ptr(443) + } +} diff --git a/vendor/k8s.io/kubernetes/test/e2e/network/netpol/network_policy.go b/vendor/k8s.io/kubernetes/test/e2e/network/netpol/network_policy.go index f254e39bb5f4..a951687084bc 100644 --- a/vendor/k8s.io/kubernetes/test/e2e/network/netpol/network_policy.go +++ b/vendor/k8s.io/kubernetes/test/e2e/network/netpol/network_policy.go @@ -641,7 +641,7 @@ var _ = common.SIGDescribe("Netpol [LinuxOnly]", func() { }, { Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, + Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 5353}, }, }, }, diff --git a/vendor/k8s.io/kubernetes/test/e2e/network/netpol/policies.go b/vendor/k8s.io/kubernetes/test/e2e/network/netpol/policies.go index f08fb84fdf1e..b0403f14cf1d 100644 --- a/vendor/k8s.io/kubernetes/test/e2e/network/netpol/policies.go +++ b/vendor/k8s.io/kubernetes/test/e2e/network/netpol/policies.go @@ -170,7 +170,7 @@ func GetAllowEgressByPort(name string, port *intstr.IntOrString) *networkingv1.N {Port: port}, { Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, + Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 5353}, }, }, }, @@ -208,7 +208,7 @@ func GetDenyAllWithEgressDNS() *networkingv1.NetworkPolicy { Ports: []networkingv1.NetworkPolicyPort{ { Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, + Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 5353}, }, }, }, @@ -442,7 +442,7 @@ func GetAllowEgressByNamespaceAndPod(name string, targetLabels map[string]string Ports: []networkingv1.NetworkPolicyPort{ { Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, + Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 5353}, }, }, }, @@ -511,7 +511,7 @@ func GetAllowEgressByCIDR(podname string, podserverCIDR string) *networkingv1.Ne Ports: []networkingv1.NetworkPolicyPort{ { Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, + Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 5353}, }, }, }, @@ -550,7 +550,7 @@ func GetAllowEgressByCIDRExcept(podname string, podserverCIDR string, except []s Ports: []networkingv1.NetworkPolicyPort{ { Protocol: &protocolUDP, - Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 53}, + Port: &intstr.IntOrString{Type: intstr.Int, IntVal: 5353}, }, }, }, diff --git a/vendor/modules.txt b/vendor/modules.txt index 7d549982781f..9d2a3e848346 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -637,7 +637,7 @@ github.com/opencontainers/runtime-spec/specs-go github.com/opencontainers/selinux/go-selinux github.com/opencontainers/selinux/go-selinux/label github.com/opencontainers/selinux/pkg/pwalk -# github.com/openshift/api v0.0.0-20210423140644-156ca80f8d83 +# github.com/openshift/api v0.0.0-20210521075222-e273a339932a ## explicit github.com/openshift/api github.com/openshift/api/annotations @@ -700,7 +700,7 @@ github.com/openshift/api/template/v1 github.com/openshift/api/unidling/v1alpha1 github.com/openshift/api/user github.com/openshift/api/user/v1 -# github.com/openshift/apiserver-library-go v0.0.0-20210426120049-59b0e972bfb7 +# github.com/openshift/apiserver-library-go v0.0.0-20210521113822-91c23a9a7ddf ## explicit github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy github.com/openshift/apiserver-library-go/pkg/admission/imagepolicy/apis/imagepolicy/v1 @@ -730,7 +730,7 @@ github.com/openshift/build-machinery-go/make/targets/golang github.com/openshift/build-machinery-go/make/targets/openshift github.com/openshift/build-machinery-go/make/targets/openshift/operator github.com/openshift/build-machinery-go/scripts -# github.com/openshift/client-go v0.0.0-20210422153130-25c8450d1535 +# github.com/openshift/client-go v0.0.0-20210521082421-73d9475a9142 ## explicit github.com/openshift/client-go/apiserver/clientset/versioned/scheme github.com/openshift/client-go/apiserver/clientset/versioned/typed/apiserver/v1 @@ -799,7 +799,7 @@ github.com/openshift/client-go/user/informers/externalversions/internalinterface github.com/openshift/client-go/user/informers/externalversions/user github.com/openshift/client-go/user/informers/externalversions/user/v1 github.com/openshift/client-go/user/listers/user/v1 -# github.com/openshift/library-go v0.0.0-20210420183610-0e395da73318 +# github.com/openshift/library-go v0.0.0-20210521084623-7392ea9b02ca ## explicit github.com/openshift/library-go/pkg/apiserver/admission/admissionrestconfig github.com/openshift/library-go/pkg/apiserver/admission/admissiontimeout @@ -1400,7 +1400,7 @@ gopkg.in/warnings.v0 gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c gopkg.in/yaml.v3 -# k8s.io/api v0.21.0-rc.0 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20210429023751-daa555af5040 +# k8s.io/api v0.21.1 => github.com/openshift/kubernetes/staging/src/k8s.io/api v0.0.0-20210429023751-daa555af5040 ## explicit k8s.io/api/admission/v1 k8s.io/api/admission/v1beta1 @@ -1448,7 +1448,7 @@ k8s.io/api/scheduling/v1beta1 k8s.io/api/storage/v1 k8s.io/api/storage/v1alpha1 k8s.io/api/storage/v1beta1 -# k8s.io/apiextensions-apiserver v0.21.0-rc.0 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20210429023751-daa555af5040 +# k8s.io/apiextensions-apiserver v0.21.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiextensions-apiserver v0.0.0-20210429023751-daa555af5040 ## explicit k8s.io/apiextensions-apiserver/pkg/apihelpers k8s.io/apiextensions-apiserver/pkg/apis/apiextensions @@ -1492,7 +1492,7 @@ k8s.io/apiextensions-apiserver/pkg/registry/customresource/tableconvertor k8s.io/apiextensions-apiserver/pkg/registry/customresourcedefinition k8s.io/apiextensions-apiserver/test/integration k8s.io/apiextensions-apiserver/test/integration/fixtures -# k8s.io/apimachinery v0.21.0-rc.0 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20210429023751-daa555af5040 +# k8s.io/apimachinery v0.21.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apimachinery v0.0.0-20210429023751-daa555af5040 ## explicit k8s.io/apimachinery/pkg/api/apitesting k8s.io/apimachinery/pkg/api/equality @@ -1557,7 +1557,7 @@ k8s.io/apimachinery/pkg/watch k8s.io/apimachinery/third_party/forked/golang/json k8s.io/apimachinery/third_party/forked/golang/netutil k8s.io/apimachinery/third_party/forked/golang/reflect -# k8s.io/apiserver v0.21.0-rc.0 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20210429023751-daa555af5040 +# k8s.io/apiserver v0.21.1 => github.com/openshift/kubernetes/staging/src/k8s.io/apiserver v0.0.0-20210429023751-daa555af5040 ## explicit k8s.io/apiserver/pkg/admission k8s.io/apiserver/pkg/admission/configuration @@ -1703,7 +1703,7 @@ k8s.io/apiserver/plugin/pkg/authorizer/webhook k8s.io/cli-runtime/pkg/genericclioptions k8s.io/cli-runtime/pkg/printers k8s.io/cli-runtime/pkg/resource -# k8s.io/client-go v0.21.0-rc.0 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20210429023751-daa555af5040 +# k8s.io/client-go v0.21.1 => github.com/openshift/kubernetes/staging/src/k8s.io/client-go v0.0.0-20210429023751-daa555af5040 ## explicit k8s.io/client-go/applyconfigurations/admissionregistration/v1 k8s.io/client-go/applyconfigurations/admissionregistration/v1beta1 @@ -2009,7 +2009,7 @@ k8s.io/cluster-bootstrap/token/api k8s.io/cluster-bootstrap/token/util k8s.io/cluster-bootstrap/util/secrets k8s.io/cluster-bootstrap/util/tokens -# k8s.io/component-base v0.21.0-rc.0 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20210429023751-daa555af5040 +# k8s.io/component-base v0.21.1 => github.com/openshift/kubernetes/staging/src/k8s.io/component-base v0.0.0-20210429023751-daa555af5040 ## explicit k8s.io/component-base/cli/flag k8s.io/component-base/cli/globalflag @@ -2051,7 +2051,7 @@ k8s.io/csi-translation-lib/plugins # k8s.io/klog/v2 v2.8.0 ## explicit k8s.io/klog/v2 -# k8s.io/kube-aggregator v0.21.0-rc.0 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20210429023751-daa555af5040 +# k8s.io/kube-aggregator v0.21.1 => github.com/openshift/kubernetes/staging/src/k8s.io/kube-aggregator v0.0.0-20210429023751-daa555af5040 k8s.io/kube-aggregator/pkg/apis/apiregistration k8s.io/kube-aggregator/pkg/apis/apiregistration/install k8s.io/kube-aggregator/pkg/apis/apiregistration/v1 @@ -2137,7 +2137,7 @@ k8s.io/kubelet/pkg/apis/pluginregistration/v1 k8s.io/kubelet/pkg/apis/podresources/v1 k8s.io/kubelet/pkg/apis/podresources/v1alpha1 k8s.io/kubelet/pkg/apis/stats/v1alpha1 -# k8s.io/kubernetes v1.21.0-rc.0 => github.com/openshift/kubernetes v1.21.0-rc.0.0.20210518181655-9bec1e131ca5 +# k8s.io/kubernetes v1.21.1 => github.com/danwinship/kubernetes v1.1.0-alpha.0.0.20210525134331-1c8b0b88aba6 ## explicit k8s.io/kubernetes/cmd/kube-apiserver/app k8s.io/kubernetes/cmd/kube-apiserver/app/options @@ -3076,7 +3076,7 @@ sigs.k8s.io/yaml # k8s.io/kube-scheduler => github.com/openshift/kubernetes/staging/src/k8s.io/kube-scheduler v0.0.0-20210429023751-daa555af5040 # k8s.io/kubectl => github.com/openshift/kubernetes/staging/src/k8s.io/kubectl v0.0.0-20210429023751-daa555af5040 # k8s.io/kubelet => github.com/openshift/kubernetes/staging/src/k8s.io/kubelet v0.0.0-20210429023751-daa555af5040 -# k8s.io/kubernetes => github.com/openshift/kubernetes v1.21.0-rc.0.0.20210518181655-9bec1e131ca5 +# k8s.io/kubernetes => github.com/danwinship/kubernetes v1.1.0-alpha.0.0.20210525134331-1c8b0b88aba6 # k8s.io/legacy-cloud-providers => github.com/openshift/kubernetes/staging/src/k8s.io/legacy-cloud-providers v0.0.0-20210429023751-daa555af5040 # k8s.io/metrics => github.com/openshift/kubernetes/staging/src/k8s.io/metrics v0.0.0-20210429023751-daa555af5040 # k8s.io/mount-utils => github.com/openshift/kubernetes/staging/src/k8s.io/mount-utils v0.0.0-20210429023751-daa555af5040