From 7ed8dfb554ab22b36207f740529afe008d68faaa Mon Sep 17 00:00:00 2001 From: Sam Batschelet Date: Sun, 10 Mar 2024 22:11:30 -0400 Subject: [PATCH 1/5] machineconfiguration/v1alpha1: add PinnedImageSet Signed-off-by: Sam Batschelet --- ...80_pinnedimageset-CustomNoUpgrade.crd.yaml | 75 +++++++ ...nnedimageset-TechPreviewNoUpgrade.crd.yaml | 75 +++++++ .../custom.pinnedimageset.testsuite.yaml | 28 +++ machineconfiguration/v1alpha1/register.go | 2 + .../techpreview.pinnedimageset.testsuite.yaml | 28 +++ .../v1alpha1/types_pinnedimageset.go | 97 +++++++++ .../v1alpha1/zz_generated.deepcopy.go | 118 +++++++++++ ..._generated.featuregated-crd-manifests.yaml | 22 +++ .../PinnedImages.yaml | 72 +++++++ .../zz_generated.swagger_doc_generated.go | 44 +++++ .../generated_openapi/zz_generated.openapi.go | 187 ++++++++++++++++++ openapi/openapi.json | 102 ++++++++++ 12 files changed, 850 insertions(+) create mode 100644 machineconfiguration/v1alpha1/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml create mode 100644 machineconfiguration/v1alpha1/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml create mode 100644 machineconfiguration/v1alpha1/custom.pinnedimageset.testsuite.yaml create mode 100644 machineconfiguration/v1alpha1/techpreview.pinnedimageset.testsuite.yaml create mode 100644 machineconfiguration/v1alpha1/types_pinnedimageset.go create mode 100644 machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests/pinnedimagesets.machineconfiguration.openshift.io/PinnedImages.yaml diff --git a/machineconfiguration/v1alpha1/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1alpha1/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml new file mode 100644 index 00000000000..1dbcebc21c7 --- /dev/null +++ b/machineconfiguration/v1alpha1/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml @@ -0,0 +1,75 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade + labels: + openshift.io/operator-managed: "" + name: pinnedimagesets.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: PinnedImageSet + listKind: PinnedImageSetList + plural: pinnedimagesets + singular: pinnedimageset + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "PinnedImageSet describes a set of images that should be pinned + by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools. + \n Compatibility level 4: No compatibility is provided, the API can change + at any point for any reason. These capabilities should not be used by applications + needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec describes the configuration of this pinned image set. + properties: + pinnedImages: + description: "pinnedImages is a list of OCI Image referenced by digest + that should be pinned and pre-loaded by the nodes of a MachineConfigPool. + Translates into a new file inside the /etc/crio/crio.conf.d directory + with content similar to this: \n pinned_images = [ \"quay.io/openshift-release-dev/ocp-release@sha256:...\", + \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\", \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\", + ... ] \n These image references should all be by digest, tags aren't + allowed." + items: + description: "PinnedImageRef is an OCI Image referenced by digest. + \n The format of the image ref is: host[:port][/namespace]/name@sha256:" + maxLength: 447 + minLength: 1 + type: string + x-kubernetes-validations: + - message: The image reference must be in the format host[:port][/namespace]/name@sha256: + with a valid SHA256 digest + rule: self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$') + maxItems: 2000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + required: + - pinnedImages + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/machineconfiguration/v1alpha1/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1alpha1/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..d8b82d69ca4 --- /dev/null +++ b/machineconfiguration/v1alpha1/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml @@ -0,0 +1,75 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + labels: + openshift.io/operator-managed: "" + name: pinnedimagesets.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: PinnedImageSet + listKind: PinnedImageSetList + plural: pinnedimagesets + singular: pinnedimageset + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "PinnedImageSet describes a set of images that should be pinned + by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools. + \n Compatibility level 4: No compatibility is provided, the API can change + at any point for any reason. These capabilities should not be used by applications + needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec describes the configuration of this pinned image set. + properties: + pinnedImages: + description: "pinnedImages is a list of OCI Image referenced by digest + that should be pinned and pre-loaded by the nodes of a MachineConfigPool. + Translates into a new file inside the /etc/crio/crio.conf.d directory + with content similar to this: \n pinned_images = [ \"quay.io/openshift-release-dev/ocp-release@sha256:...\", + \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\", \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\", + ... ] \n These image references should all be by digest, tags aren't + allowed." + items: + description: "PinnedImageRef is an OCI Image referenced by digest. + \n The format of the image ref is: host[:port][/namespace]/name@sha256:" + maxLength: 447 + minLength: 1 + type: string + x-kubernetes-validations: + - message: The image reference must be in the format host[:port][/namespace]/name@sha256: + with a valid SHA256 digest + rule: self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$') + maxItems: 2000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + required: + - pinnedImages + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/machineconfiguration/v1alpha1/custom.pinnedimageset.testsuite.yaml b/machineconfiguration/v1alpha1/custom.pinnedimageset.testsuite.yaml new file mode 100644 index 00000000000..5a6c86a8e41 --- /dev/null +++ b/machineconfiguration/v1alpha1/custom.pinnedimageset.testsuite.yaml @@ -0,0 +1,28 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Custom] PinnedImageSet" +crd: 0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal PinnedImageSet + initial: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset + spec: + pinnedImages: + - example.io/my-project/image-v1.0_23@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 + - example.com:5000/project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 + - example.com/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 + - my-registry.local/project/my-image@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef + expected: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset + spec: + pinnedImages: + - example.io/my-project/image-v1.0_23@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 + - example.com:5000/project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 + - example.com/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 + - my-registry.local/project/my-image@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef \ No newline at end of file diff --git a/machineconfiguration/v1alpha1/register.go b/machineconfiguration/v1alpha1/register.go index b18dfac66ee..c60f521f940 100644 --- a/machineconfiguration/v1alpha1/register.go +++ b/machineconfiguration/v1alpha1/register.go @@ -26,6 +26,8 @@ func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(GroupVersion, &MachineConfigNode{}, &MachineConfigNodeList{}, + &PinnedImageSet{}, + &PinnedImageSetList{}, ) metav1.AddToGroupVersion(scheme, GroupVersion) return nil diff --git a/machineconfiguration/v1alpha1/techpreview.pinnedimageset.testsuite.yaml b/machineconfiguration/v1alpha1/techpreview.pinnedimageset.testsuite.yaml new file mode 100644 index 00000000000..18dadc607e7 --- /dev/null +++ b/machineconfiguration/v1alpha1/techpreview.pinnedimageset.testsuite.yaml @@ -0,0 +1,28 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[TechPreview] PinnedImageSet" +crd: 0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal PinnedImageSet + initial: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset + spec: + pinnedImages: + - example.io/my-project/image-v1.0_23@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 + - example.com:5000/project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 + - example.com/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 + - my-registry.local/project/my-image@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef + expected: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset + spec: + pinnedImages: + - example.io/my-project/image-v1.0_23@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 + - example.com:5000/project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 + - example.com/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 + - my-registry.local/project/my-image@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef \ No newline at end of file diff --git a/machineconfiguration/v1alpha1/types_pinnedimageset.go b/machineconfiguration/v1alpha1/types_pinnedimageset.go new file mode 100644 index 00000000000..0ad4ae8d2ad --- /dev/null +++ b/machineconfiguration/v1alpha1/types_pinnedimageset.go @@ -0,0 +1,97 @@ +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +genclient:nonNamespaced +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// +kubebuilder:object:root=true +// +kubebuilder:resource:path=pinnedimagesets,scope=Cluster +// +openshift:file-pattern=0000_80_pinnedimagesetMARKERS.crd.yaml +// +openshift:enable:FeatureGate=PinnedImages +// +kubebuilder:metadata:labels=openshift.io/operator-managed= + +// PinnedImageSet describes a set of images that should be pinned by CRI-O and +// pulled to the nodes which are members of the declared MachineConfigPools. +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +type PinnedImageSet struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + // spec describes the configuration of this pinned image set. + // +kubebuilder:validation:Required + Spec PinnedImageSetSpec `json:"spec"` +} + +// PinnedImageSetSpec defines the desired state of a PinnedImageSet. +type PinnedImageSetSpec struct { + // pinnedImages is a list of OCI Image referenced by digest that should be + // pinned and pre-loaded by the nodes of a MachineConfigPool. + // Translates into a new file inside the /etc/crio/crio.conf.d directory + // with content similar to this: + // + // pinned_images = [ + // "quay.io/openshift-release-dev/ocp-release@sha256:...", + // "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...", + // "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...", + // ... + // ] + // + // These image references should all be by digest, tags aren't allowed. + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=2000 + // +listType=atomic + PinnedImages []PinnedImageRef `json:"pinnedImages"` +} + +// PinnedImageRef is an OCI Image referenced by digest. +// +// The format of the image ref is: +// host[:port][/namespace]/name@sha256: +// +kubebuilder:validation:Required +// +kubebuilder:validation:MinLength=1 +// +kubebuilder:validation:MaxLength=447 +// +kubebuilder:validation:XValidation:rule=`self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$')`,message="The image reference must be in the format host[:port][/namespace]/name@sha256: with a valid SHA256 digest" +type PinnedImageRef string + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// PinnedImageSetList is a list of PinnedImageSet resources +// +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +type PinnedImageSetList struct { + metav1.TypeMeta `json:",inline"` + + // metadata is the standard list's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + metav1.ListMeta `json:"metadata"` + + Items []PinnedImageSet `json:"items"` +} + +// MachineConfigPoolSpec is the spec for MachineConfigPool resource. +// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. +// +openshift:compatibility-gen:level=4 +type MachineConfigPoolSpec struct { + // pinnedImageSets is a list of PinnedImageSetRef objects that should be + // applied to the nodes in this pool. + // +optional + // +listType=atomic + PinnedImageSets []PinnedImageSetRef `json:"pinnedImageSets"` +} + +type PinnedImageSetRef struct { + // name is a reference to the name of a PinnedImageSet. + // Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123) + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$` + // +kubebuilder:validation:Required + Name string `json:"name"` +} diff --git a/machineconfiguration/v1alpha1/zz_generated.deepcopy.go b/machineconfiguration/v1alpha1/zz_generated.deepcopy.go index d2ab9b91afd..e99cf5fd42e 100644 --- a/machineconfiguration/v1alpha1/zz_generated.deepcopy.go +++ b/machineconfiguration/v1alpha1/zz_generated.deepcopy.go @@ -161,3 +161,121 @@ func (in *MachineConfigNodeStatusMachineConfigVersion) DeepCopy() *MachineConfig in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineConfigPoolSpec) DeepCopyInto(out *MachineConfigPoolSpec) { + *out = *in + if in.PinnedImageSets != nil { + in, out := &in.PinnedImageSets, &out.PinnedImageSets + *out = make([]PinnedImageSetRef, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigPoolSpec. +func (in *MachineConfigPoolSpec) DeepCopy() *MachineConfigPoolSpec { + if in == nil { + return nil + } + out := new(MachineConfigPoolSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PinnedImageSet) DeepCopyInto(out *PinnedImageSet) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PinnedImageSet. +func (in *PinnedImageSet) DeepCopy() *PinnedImageSet { + if in == nil { + return nil + } + out := new(PinnedImageSet) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PinnedImageSet) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PinnedImageSetList) DeepCopyInto(out *PinnedImageSetList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]PinnedImageSet, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PinnedImageSetList. +func (in *PinnedImageSetList) DeepCopy() *PinnedImageSetList { + if in == nil { + return nil + } + out := new(PinnedImageSetList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PinnedImageSetList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PinnedImageSetRef) DeepCopyInto(out *PinnedImageSetRef) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PinnedImageSetRef. +func (in *PinnedImageSetRef) DeepCopy() *PinnedImageSetRef { + if in == nil { + return nil + } + out := new(PinnedImageSetRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PinnedImageSetSpec) DeepCopyInto(out *PinnedImageSetSpec) { + *out = *in + if in.PinnedImages != nil { + in, out := &in.PinnedImages, &out.PinnedImages + *out = make([]PinnedImageRef, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PinnedImageSetSpec. +func (in *PinnedImageSetSpec) DeepCopy() *PinnedImageSetSpec { + if in == nil { + return nil + } + out := new(PinnedImageSetSpec) + in.DeepCopyInto(out) + return out +} diff --git a/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index 372f1c81ff4..71caffdc79b 100644 --- a/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -66,3 +66,25 @@ machineconfignodes.machineconfiguration.openshift.io: - MachineConfigNodes Version: v1alpha1 +pinnedimagesets.machineconfiguration.openshift.io: + Annotations: {} + ApprovedPRNumber: "" + CRDName: pinnedimagesets.machineconfiguration.openshift.io + Capability: "" + Category: "" + FeatureGates: + - PinnedImages + GroupName: machineconfiguration.openshift.io + HasStatus: false + KindName: PinnedImageSet + Labels: + openshift.io/operator-managed: "" + PluralName: pinnedimagesets + PrinterColumns: [] + Scope: Cluster + ShortName: "" + TargetFilenamePattern: 0000_80_pinnedimagesetMARKERS.crd.yaml + TopLevelFeatureGates: + - PinnedImages + Version: v1alpha1 + diff --git a/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests/pinnedimagesets.machineconfiguration.openshift.io/PinnedImages.yaml b/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests/pinnedimagesets.machineconfiguration.openshift.io/PinnedImages.yaml new file mode 100644 index 00000000000..b548e4befc0 --- /dev/null +++ b/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests/pinnedimagesets.machineconfiguration.openshift.io/PinnedImages.yaml @@ -0,0 +1,72 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api.openshift.io/filename-pattern: 0000_80_pinnedimagesetMARKERS.crd.yaml + feature-gate.release.openshift.io/PinnedImages: "true" + labels: + openshift.io/operator-managed: "" + name: pinnedimagesets.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: PinnedImageSet + listKind: PinnedImageSetList + plural: pinnedimagesets + singular: pinnedimageset + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "PinnedImageSet describes a set of images that should be pinned + by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools. + \n Compatibility level 4: No compatibility is provided, the API can change + at any point for any reason. These capabilities should not be used by applications + needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec describes the configuration of this pinned image set. + properties: + pinnedImages: + description: "pinnedImages is a list of OCI Image referenced by digest + that should be pinned and pre-loaded by the nodes of a MachineConfigPool. + Translates into a new file inside the /etc/crio/crio.conf.d directory + with content similar to this: \n pinned_images = [ \"quay.io/openshift-release-dev/ocp-release@sha256:...\", + \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\", \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\", + ... ] \n These image references should all be by digest, tags aren't + allowed." + items: + description: "PinnedImageRef is an OCI Image referenced by digest. + \n The format of the image ref is: host[:port][/namespace]/name@sha256:" + maxLength: 447 + minLength: 1 + type: string + x-kubernetes-validations: + - message: The image reference must be in the format host[:port][/namespace]/name@sha256: + with a valid SHA256 digest + rule: self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$') + maxItems: 2000 + minItems: 1 + type: array + x-kubernetes-list-type: atomic + required: + - pinnedImages + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go b/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go index 0044c9c4b61..ca5f351d7ae 100644 --- a/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go @@ -79,4 +79,48 @@ func (MachineConfigNodeStatusMachineConfigVersion) SwaggerDoc() map[string]strin return map_MachineConfigNodeStatusMachineConfigVersion } +var map_MachineConfigPoolSpec = map[string]string{ + "": "MachineConfigPoolSpec is the spec for MachineConfigPool resource. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "pinnedImageSets": "pinnedImageSets is a list of PinnedImageSetRef objects that should be applied to the nodes in this pool.", +} + +func (MachineConfigPoolSpec) SwaggerDoc() map[string]string { + return map_MachineConfigPoolSpec +} + +var map_PinnedImageSet = map[string]string{ + "": "PinnedImageSet describes a set of images that should be pinned by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "spec": "spec describes the configuration of this pinned image set.", +} + +func (PinnedImageSet) SwaggerDoc() map[string]string { + return map_PinnedImageSet +} + +var map_PinnedImageSetList = map[string]string{ + "": "PinnedImageSetList is a list of PinnedImageSet resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "metadata": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", +} + +func (PinnedImageSetList) SwaggerDoc() map[string]string { + return map_PinnedImageSetList +} + +var map_PinnedImageSetRef = map[string]string{ + "name": "name is a reference to the name of a PinnedImageSet. Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123)", +} + +func (PinnedImageSetRef) SwaggerDoc() map[string]string { + return map_PinnedImageSetRef +} + +var map_PinnedImageSetSpec = map[string]string{ + "": "PinnedImageSetSpec defines the desired state of a PinnedImageSet.", + "pinnedImages": "pinnedImages is a list of OCI Image referenced by digest that should be pinned and pre-loaded by the nodes of a MachineConfigPool. Translates into a new file inside the /etc/crio/crio.conf.d directory with content similar to this:\n\n pinned_images = [\n \"quay.io/openshift-release-dev/ocp-release@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n ...\n ]\n\nThese image references should all be by digest, tags aren't allowed.", +} + +func (PinnedImageSetSpec) SwaggerDoc() map[string]string { + return map_PinnedImageSetSpec +} + // AUTO-GENERATED FUNCTIONS END HERE diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 33efff5c013..f6f84e8ca14 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -755,6 +755,11 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpecMachineConfigVersion": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeSpecMachineConfigVersion(ref), "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatus": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatus(ref), "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusMachineConfigVersion": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatusMachineConfigVersion(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigPoolSpec": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigPoolSpec(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSet": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSet(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetList": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetList(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetRef": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetRef(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetSpec": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetSpec(ref), "github.com/openshift/api/monitoring/v1.AlertRelabelConfig": schema_openshift_api_monitoring_v1_AlertRelabelConfig(ref), "github.com/openshift/api/monitoring/v1.AlertRelabelConfigList": schema_openshift_api_monitoring_v1_AlertRelabelConfigList(ref), "github.com/openshift/api/monitoring/v1.AlertRelabelConfigSpec": schema_openshift_api_monitoring_v1_AlertRelabelConfigSpec(ref), @@ -38554,6 +38559,188 @@ func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatusM } } +func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigPoolSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "MachineConfigPoolSpec is the spec for MachineConfigPool resource. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "pinnedImageSets": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "pinnedImageSets is a list of PinnedImageSetRef objects that should be applied to the nodes in this pool.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetRef"), + }, + }, + }, + }, + }, + }, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetRef"}, + } +} + +func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSet(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PinnedImageSet describes a set of images that should be pinned by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"), + }, + }, + "spec": { + SchemaProps: spec.SchemaProps{ + Description: "spec describes the configuration of this pinned image set.", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetSpec"), + }, + }, + }, + Required: []string{"spec"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetSpec", "k8s.io/apimachinery/pkg/apis/meta/v1.ObjectMeta"}, + } +} + +func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetList(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PinnedImageSetList is a list of PinnedImageSet resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "kind": { + SchemaProps: spec.SchemaProps{ + Description: "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + Type: []string{"string"}, + Format: "", + }, + }, + "apiVersion": { + SchemaProps: spec.SchemaProps{ + Description: "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + Type: []string{"string"}, + Format: "", + }, + }, + "metadata": { + SchemaProps: spec.SchemaProps{ + Description: "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + Default: map[string]interface{}{}, + Ref: ref("k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"), + }, + }, + "items": { + SchemaProps: spec.SchemaProps{ + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSet"), + }, + }, + }, + }, + }, + }, + Required: []string{"metadata", "items"}, + }, + }, + Dependencies: []string{ + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSet", "k8s.io/apimachinery/pkg/apis/meta/v1.ListMeta"}, + } +} + +func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetRef(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is a reference to the name of a PinnedImageSet. Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123)", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name"}, + }, + }, + } +} + +func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Description: "PinnedImageSetSpec defines the desired state of a PinnedImageSet.", + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "pinnedImages": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, + SchemaProps: spec.SchemaProps{ + Description: "pinnedImages is a list of OCI Image referenced by digest that should be pinned and pre-loaded by the nodes of a MachineConfigPool. Translates into a new file inside the /etc/crio/crio.conf.d directory with content similar to this:\n\n pinned_images = [\n \"quay.io/openshift-release-dev/ocp-release@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n ...\n ]\n\nThese image references should all be by digest, tags aren't allowed.", + Type: []string{"array"}, + Items: &spec.SchemaOrArray{ + Schema: &spec.Schema{ + SchemaProps: spec.SchemaProps{ + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + }, + }, + }, + Required: []string{"pinnedImages"}, + }, + }, + } +} + func schema_openshift_api_monitoring_v1_AlertRelabelConfig(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/openapi/openapi.json b/openapi/openapi.json index 9d885c38910..02173d83b6e 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -22370,6 +22370,108 @@ } } }, + "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigPoolSpec": { + "description": "MachineConfigPoolSpec is the spec for MachineConfigPool resource. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "properties": { + "pinnedImageSets": { + "description": "pinnedImageSets is a list of PinnedImageSetRef objects that should be applied to the nodes in this pool.", + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetRef" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSet": { + "description": "PinnedImageSet describes a set of images that should be pinned by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "spec" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta" + }, + "spec": { + "description": "spec describes the configuration of this pinned image set.", + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetSpec" + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetList": { + "description": "PinnedImageSetList is a list of PinnedImageSet resources\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", + "type": "object", + "required": [ + "metadata", + "items" + ], + "properties": { + "apiVersion": { + "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources", + "type": "string" + }, + "items": { + "type": "array", + "items": { + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSet" + } + }, + "kind": { + "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds", + "type": "string" + }, + "metadata": { + "description": "metadata is the standard list's metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata", + "default": {}, + "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta" + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetRef": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "name is a reference to the name of a PinnedImageSet. Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123)", + "type": "string", + "default": "" + } + } + }, + "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetSpec": { + "description": "PinnedImageSetSpec defines the desired state of a PinnedImageSet.", + "type": "object", + "required": [ + "pinnedImages" + ], + "properties": { + "pinnedImages": { + "description": "pinnedImages is a list of OCI Image referenced by digest that should be pinned and pre-loaded by the nodes of a MachineConfigPool. Translates into a new file inside the /etc/crio/crio.conf.d directory with content similar to this:\n\n pinned_images = [\n \"quay.io/openshift-release-dev/ocp-release@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n ...\n ]\n\nThese image references should all be by digest, tags aren't allowed.", + "type": "array", + "items": { + "type": "string", + "default": "" + }, + "x-kubernetes-list-type": "atomic" + } + } + }, "com.github.openshift.api.monitoring.v1.AlertRelabelConfig": { "description": "AlertRelabelConfig defines a set of relabel configs for alerts.\n\nCompatibility level 1: Stable within a major release for a minimum of 12 months or 3 minor releases (whichever is longer).", "type": "object", From 079ff78fc7681bf155cc4018775ff372fa3bd539 Mon Sep 17 00:00:00 2001 From: Sam Batschelet Date: Mon, 11 Mar 2024 00:02:34 -0400 Subject: [PATCH 2/5] feature gate v1 types Signed-off-by: Sam Batschelet --- machineconfiguration/v1/types.go | 18 ++++++ .../v1/zz_generated.deepcopy.go | 21 +++++++ .../v1/zz_generated.swagger_doc_generated.go | 9 +++ ...80_pinnedimageset-CustomNoUpgrade.crd.yaml | 1 + ...nnedimageset-TechPreviewNoUpgrade.crd.yaml | 1 + .../v1alpha1/types_pinnedimageset.go | 22 +------ .../v1alpha1/zz_generated.deepcopy.go | 37 ------------ ..._generated.featuregated-crd-manifests.yaml | 2 +- .../PinnedImages.yaml | 1 + .../zz_generated.swagger_doc_generated.go | 17 ------ .../generated_openapi/zz_generated.openapi.go | 57 ------------------- openapi/openapi.json | 28 --------- 12 files changed, 53 insertions(+), 161 deletions(-) diff --git a/machineconfiguration/v1/types.go b/machineconfiguration/v1/types.go index 6f8ca2b21bc..f1b13400774 100644 --- a/machineconfiguration/v1/types.go +++ b/machineconfiguration/v1/types.go @@ -421,6 +421,24 @@ type MachineConfigPoolSpec struct { // The targeted MachineConfig object for the machine config pool. // +optional Configuration MachineConfigPoolStatusConfiguration `json:"configuration"` + + // pinnedImageSets is a list of PinnedImageSetRef objects that should be + // applied to the nodes in this pool. + // +openshift:enable:FeatureGate=PinnedImages + // +optional + // +listType=atomic + PinnedImageSets []PinnedImageSetRef `json:"pinnedImageSets"` +} + +type PinnedImageSetRef struct { + // name is a reference to the name of a PinnedImageSet. + // Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123) + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$` + // +kubebuilder:validation:Required + // +openshift:enable:FeatureGate=PinnedImages + Name string `json:"name"` } // MachineConfigPoolStatus is the status for MachineConfigPool resource. diff --git a/machineconfiguration/v1/zz_generated.deepcopy.go b/machineconfiguration/v1/zz_generated.deepcopy.go index 180027a84e4..d89627b91dd 100644 --- a/machineconfiguration/v1/zz_generated.deepcopy.go +++ b/machineconfiguration/v1/zz_generated.deepcopy.go @@ -730,6 +730,11 @@ func (in *MachineConfigPoolSpec) DeepCopyInto(out *MachineConfigPoolSpec) { **out = **in } in.Configuration.DeepCopyInto(&out.Configuration) + if in.PinnedImageSets != nil { + in, out := &in.PinnedImageSets, &out.PinnedImageSets + *out = make([]PinnedImageSetRef, len(*in)) + copy(*out, *in) + } return } @@ -843,3 +848,19 @@ func (in *NetworkInfo) DeepCopy() *NetworkInfo { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PinnedImageSetRef) DeepCopyInto(out *PinnedImageSetRef) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PinnedImageSetRef. +func (in *PinnedImageSetRef) DeepCopy() *PinnedImageSetRef { + if in == nil { + return nil + } + out := new(PinnedImageSetRef) + in.DeepCopyInto(out) + return out +} diff --git a/machineconfiguration/v1/zz_generated.swagger_doc_generated.go b/machineconfiguration/v1/zz_generated.swagger_doc_generated.go index d1151c23b4f..a9a42073929 100644 --- a/machineconfiguration/v1/zz_generated.swagger_doc_generated.go +++ b/machineconfiguration/v1/zz_generated.swagger_doc_generated.go @@ -279,6 +279,7 @@ var map_MachineConfigPoolSpec = map[string]string{ "paused": "paused specifies whether or not changes to this machine config pool should be stopped. This includes generating new desiredMachineConfig and update of machines.", "maxUnavailable": "maxUnavailable defines either an integer number or percentage of nodes in the pool that can go Unavailable during an update. This includes nodes Unavailable for any reason, including user initiated cordons, failing nodes, etc. The default value is 1.\n\nA value larger than 1 will mean multiple nodes going unavailable during the update, which may affect your workload stress on the remaining nodes. You cannot set this value to 0 to stop updates (it will default back to 1); to stop updates, use the 'paused' property instead. Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards, even if maxUnavailable is greater than one.", "configuration": "The targeted MachineConfig object for the machine config pool.", + "pinnedImageSets": "pinnedImageSets is a list of PinnedImageSetRef objects that should be applied to the nodes in this pool.", } func (MachineConfigPoolSpec) SwaggerDoc() map[string]string { @@ -335,4 +336,12 @@ func (NetworkInfo) SwaggerDoc() map[string]string { return map_NetworkInfo } +var map_PinnedImageSetRef = map[string]string{ + "name": "name is a reference to the name of a PinnedImageSet. Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123)", +} + +func (PinnedImageSetRef) SwaggerDoc() map[string]string { + return map_PinnedImageSetRef +} + // AUTO-GENERATED FUNCTIONS END HERE diff --git a/machineconfiguration/v1alpha1/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1alpha1/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml index 1dbcebc21c7..a569a806e34 100644 --- a/machineconfiguration/v1alpha1/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml +++ b/machineconfiguration/v1alpha1/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml @@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1713 api.openshift.io/merged-by-featuregates: "true" include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" diff --git a/machineconfiguration/v1alpha1/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1alpha1/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml index d8b82d69ca4..1a13fdbf22e 100644 --- a/machineconfiguration/v1alpha1/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1alpha1/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml @@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1713 api.openshift.io/merged-by-featuregates: "true" include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" diff --git a/machineconfiguration/v1alpha1/types_pinnedimageset.go b/machineconfiguration/v1alpha1/types_pinnedimageset.go index 0ad4ae8d2ad..6225df68436 100644 --- a/machineconfiguration/v1alpha1/types_pinnedimageset.go +++ b/machineconfiguration/v1alpha1/types_pinnedimageset.go @@ -9,6 +9,7 @@ import ( // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:object:root=true // +kubebuilder:resource:path=pinnedimagesets,scope=Cluster +// +openshift:api-approved.openshift.io=https://github.com/openshift/api/pull/1713 // +openshift:file-pattern=0000_80_pinnedimagesetMARKERS.crd.yaml // +openshift:enable:FeatureGate=PinnedImages // +kubebuilder:metadata:labels=openshift.io/operator-managed= @@ -74,24 +75,3 @@ type PinnedImageSetList struct { Items []PinnedImageSet `json:"items"` } - -// MachineConfigPoolSpec is the spec for MachineConfigPool resource. -// Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support. -// +openshift:compatibility-gen:level=4 -type MachineConfigPoolSpec struct { - // pinnedImageSets is a list of PinnedImageSetRef objects that should be - // applied to the nodes in this pool. - // +optional - // +listType=atomic - PinnedImageSets []PinnedImageSetRef `json:"pinnedImageSets"` -} - -type PinnedImageSetRef struct { - // name is a reference to the name of a PinnedImageSet. - // Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123) - // +kubebuilder:validation:MinLength=1 - // +kubebuilder:validation:MaxLength=253 - // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$` - // +kubebuilder:validation:Required - Name string `json:"name"` -} diff --git a/machineconfiguration/v1alpha1/zz_generated.deepcopy.go b/machineconfiguration/v1alpha1/zz_generated.deepcopy.go index e99cf5fd42e..758a4e6a080 100644 --- a/machineconfiguration/v1alpha1/zz_generated.deepcopy.go +++ b/machineconfiguration/v1alpha1/zz_generated.deepcopy.go @@ -162,27 +162,6 @@ func (in *MachineConfigNodeStatusMachineConfigVersion) DeepCopy() *MachineConfig return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *MachineConfigPoolSpec) DeepCopyInto(out *MachineConfigPoolSpec) { - *out = *in - if in.PinnedImageSets != nil { - in, out := &in.PinnedImageSets, &out.PinnedImageSets - *out = make([]PinnedImageSetRef, len(*in)) - copy(*out, *in) - } - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineConfigPoolSpec. -func (in *MachineConfigPoolSpec) DeepCopy() *MachineConfigPoolSpec { - if in == nil { - return nil - } - out := new(MachineConfigPoolSpec) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PinnedImageSet) DeepCopyInto(out *PinnedImageSet) { *out = *in @@ -243,22 +222,6 @@ func (in *PinnedImageSetList) DeepCopyObject() runtime.Object { return nil } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *PinnedImageSetRef) DeepCopyInto(out *PinnedImageSetRef) { - *out = *in - return -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PinnedImageSetRef. -func (in *PinnedImageSetRef) DeepCopy() *PinnedImageSetRef { - if in == nil { - return nil - } - out := new(PinnedImageSetRef) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PinnedImageSetSpec) DeepCopyInto(out *PinnedImageSetSpec) { *out = *in diff --git a/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index 71caffdc79b..f647c78e462 100644 --- a/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -68,7 +68,7 @@ machineconfignodes.machineconfiguration.openshift.io: pinnedimagesets.machineconfiguration.openshift.io: Annotations: {} - ApprovedPRNumber: "" + ApprovedPRNumber: https://github.com/openshift/api/pull/1713 CRDName: pinnedimagesets.machineconfiguration.openshift.io Capability: "" Category: "" diff --git a/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests/pinnedimagesets.machineconfiguration.openshift.io/PinnedImages.yaml b/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests/pinnedimagesets.machineconfiguration.openshift.io/PinnedImages.yaml index b548e4befc0..7b0d120463a 100644 --- a/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests/pinnedimagesets.machineconfiguration.openshift.io/PinnedImages.yaml +++ b/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests/pinnedimagesets.machineconfiguration.openshift.io/PinnedImages.yaml @@ -2,6 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1713 api.openshift.io/filename-pattern: 0000_80_pinnedimagesetMARKERS.crd.yaml feature-gate.release.openshift.io/PinnedImages: "true" labels: diff --git a/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go b/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go index ca5f351d7ae..cab7373966e 100644 --- a/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go @@ -79,15 +79,6 @@ func (MachineConfigNodeStatusMachineConfigVersion) SwaggerDoc() map[string]strin return map_MachineConfigNodeStatusMachineConfigVersion } -var map_MachineConfigPoolSpec = map[string]string{ - "": "MachineConfigPoolSpec is the spec for MachineConfigPool resource. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "pinnedImageSets": "pinnedImageSets is a list of PinnedImageSetRef objects that should be applied to the nodes in this pool.", -} - -func (MachineConfigPoolSpec) SwaggerDoc() map[string]string { - return map_MachineConfigPoolSpec -} - var map_PinnedImageSet = map[string]string{ "": "PinnedImageSet describes a set of images that should be pinned by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "spec": "spec describes the configuration of this pinned image set.", @@ -106,14 +97,6 @@ func (PinnedImageSetList) SwaggerDoc() map[string]string { return map_PinnedImageSetList } -var map_PinnedImageSetRef = map[string]string{ - "name": "name is a reference to the name of a PinnedImageSet. Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123)", -} - -func (PinnedImageSetRef) SwaggerDoc() map[string]string { - return map_PinnedImageSetRef -} - var map_PinnedImageSetSpec = map[string]string{ "": "PinnedImageSetSpec defines the desired state of a PinnedImageSet.", "pinnedImages": "pinnedImages is a list of OCI Image referenced by digest that should be pinned and pre-loaded by the nodes of a MachineConfigPool. Translates into a new file inside the /etc/crio/crio.conf.d directory with content similar to this:\n\n pinned_images = [\n \"quay.io/openshift-release-dev/ocp-release@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n ...\n ]\n\nThese image references should all be by digest, tags aren't allowed.", diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index f6f84e8ca14..6eea0aa110e 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -755,10 +755,8 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpecMachineConfigVersion": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeSpecMachineConfigVersion(ref), "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatus": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatus(ref), "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusMachineConfigVersion": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatusMachineConfigVersion(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigPoolSpec": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigPoolSpec(ref), "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSet": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSet(ref), "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetList": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetList(ref), - "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetRef": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetRef(ref), "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetSpec": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetSpec(ref), "github.com/openshift/api/monitoring/v1.AlertRelabelConfig": schema_openshift_api_monitoring_v1_AlertRelabelConfig(ref), "github.com/openshift/api/monitoring/v1.AlertRelabelConfigList": schema_openshift_api_monitoring_v1_AlertRelabelConfigList(ref), @@ -38559,40 +38557,6 @@ func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatusM } } -func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigPoolSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Description: "MachineConfigPoolSpec is the spec for MachineConfigPool resource. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "pinnedImageSets": { - VendorExtensible: spec.VendorExtensible{ - Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", - }, - }, - SchemaProps: spec.SchemaProps{ - Description: "pinnedImageSets is a list of PinnedImageSetRef objects that should be applied to the nodes in this pool.", - Type: []string{"array"}, - Items: &spec.SchemaOrArray{ - Schema: &spec.Schema{ - SchemaProps: spec.SchemaProps{ - Default: map[string]interface{}{}, - Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetRef"), - }, - }, - }, - }, - }, - }, - }, - }, - Dependencies: []string{ - "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetRef"}, - } -} - func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSet(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -38686,27 +38650,6 @@ func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetList(ref c } } -func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetRef(ref common.ReferenceCallback) common.OpenAPIDefinition { - return common.OpenAPIDefinition{ - Schema: spec.Schema{ - SchemaProps: spec.SchemaProps{ - Type: []string{"object"}, - Properties: map[string]spec.Schema{ - "name": { - SchemaProps: spec.SchemaProps{ - Description: "name is a reference to the name of a PinnedImageSet. Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123)", - Default: "", - Type: []string{"string"}, - Format: "", - }, - }, - }, - Required: []string{"name"}, - }, - }, - } -} - func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetSpec(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ diff --git a/openapi/openapi.json b/openapi/openapi.json index 02173d83b6e..2b7ec7db798 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -22370,21 +22370,6 @@ } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.MachineConfigPoolSpec": { - "description": "MachineConfigPoolSpec is the spec for MachineConfigPool resource. Compatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", - "type": "object", - "properties": { - "pinnedImageSets": { - "description": "pinnedImageSets is a list of PinnedImageSetRef objects that should be applied to the nodes in this pool.", - "type": "array", - "items": { - "default": {}, - "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetRef" - }, - "x-kubernetes-list-type": "atomic" - } - } - }, "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSet": { "description": "PinnedImageSet describes a set of images that should be pinned by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", @@ -22441,19 +22426,6 @@ } } }, - "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetRef": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "description": "name is a reference to the name of a PinnedImageSet. Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123)", - "type": "string", - "default": "" - } - } - }, "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSetSpec": { "description": "PinnedImageSetSpec defines the desired state of a PinnedImageSet.", "type": "object", From de8b7bf9456144a0835cdddbc4b187f19a45a87e Mon Sep 17 00:00:00 2001 From: Sam Batschelet Date: Thu, 14 Mar 2024 23:31:28 -0400 Subject: [PATCH 3/5] updates from review and regen Signed-off-by: Sam Batschelet --- machineconfiguration/v1/types.go | 36 ++++++--- ..._generated.featuregated-crd-manifests.yaml | 3 +- .../v1/zz_generated.swagger_doc_generated.go | 4 +- ...80_pinnedimageset-CustomNoUpgrade.crd.yaml | 27 ++++--- ...nnedimageset-TechPreviewNoUpgrade.crd.yaml | 27 ++++--- .../custom.pinnedimageset.testsuite.yaml | 77 ++++++++++++++++--- .../techpreview.pinnedimageset.testsuite.yaml | 75 ++++++++++++++++-- .../v1alpha1/types_pinnedimageset.go | 23 +++--- .../v1alpha1/zz_generated.deepcopy.go | 16 ++++ ..._generated.featuregated-crd-manifests.yaml | 2 +- .../PinnedImages.yaml | 27 ++++--- .../zz_generated.swagger_doc_generated.go | 8 ++ .../generated_openapi/zz_generated.openapi.go | 34 +++++++- openapi/openapi.json | 22 +++++- 14 files changed, 302 insertions(+), 79 deletions(-) diff --git a/machineconfiguration/v1/types.go b/machineconfiguration/v1/types.go index f1b13400774..de6fad35725 100644 --- a/machineconfiguration/v1/types.go +++ b/machineconfiguration/v1/types.go @@ -422,22 +422,36 @@ type MachineConfigPoolSpec struct { // +optional Configuration MachineConfigPoolStatusConfiguration `json:"configuration"` - // pinnedImageSets is a list of PinnedImageSetRef objects that should be - // applied to the nodes in this pool. - // +openshift:enable:FeatureGate=PinnedImages - // +optional - // +listType=atomic - PinnedImageSets []PinnedImageSetRef `json:"pinnedImageSets"` + // pinnedImageSets specifies a sequence of PinnedImageSetRef objects for the + // pool. Nodes within this pool will preload and pin images defined in the + // PinnedImageSet. Before pulling images the controller will ensure the + // total uncompressed size of all the images does not exceed available + // resources. Images from multiple PinnedImageSets are loaded and pinned + // sequentially as listed. Duplicate and existing images will be + // skipped. + // + // Failure to pull an image by a node results in the MachineConfigPool + // status set to Degraded. Resolving such failures is the responsibility of + // the user. + // +openshift:enable:FeatureGate=PinnedImages + // +optional + // +listType=map + // +listMapKey=name + PinnedImageSets []PinnedImageSetRef `json:"pinnedImageSets,omitempty"` } type PinnedImageSetRef struct { - // name is a reference to the name of a PinnedImageSet. - // Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123) + // name is a reference to the name of a PinnedImageSet. Must adhere to + // RFC-1123 (https://tools.ietf.org/html/rfc1123). + // Made up of one of more period-separated (.) segments, where each segment + // consists of alphanumeric characters and hyphens (-), must begin and end + // with an alphanumeric character, and is at most 63 characters in length. + // The total length of the name must not exceed 253 characters. + // +openshift:enable:FeatureGate=PinnedImages // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=253 - // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$` - // +kubebuilder:validation:Required - // +openshift:enable:FeatureGate=PinnedImages + // +kubebuilder:validation:Pattern=`^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$` + // +kubebuilder:validation:Required Name string `json:"name"` } diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml index f76c678b5d9..85c29c6abf5 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests.yaml @@ -102,7 +102,8 @@ machineconfigpools.machineconfiguration.openshift.io: CRDName: machineconfigpools.machineconfiguration.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - PinnedImages GroupName: machineconfiguration.openshift.io HasStatus: true KindName: MachineConfigPool diff --git a/machineconfiguration/v1/zz_generated.swagger_doc_generated.go b/machineconfiguration/v1/zz_generated.swagger_doc_generated.go index a9a42073929..c39ac69f1fe 100644 --- a/machineconfiguration/v1/zz_generated.swagger_doc_generated.go +++ b/machineconfiguration/v1/zz_generated.swagger_doc_generated.go @@ -279,7 +279,7 @@ var map_MachineConfigPoolSpec = map[string]string{ "paused": "paused specifies whether or not changes to this machine config pool should be stopped. This includes generating new desiredMachineConfig and update of machines.", "maxUnavailable": "maxUnavailable defines either an integer number or percentage of nodes in the pool that can go Unavailable during an update. This includes nodes Unavailable for any reason, including user initiated cordons, failing nodes, etc. The default value is 1.\n\nA value larger than 1 will mean multiple nodes going unavailable during the update, which may affect your workload stress on the remaining nodes. You cannot set this value to 0 to stop updates (it will default back to 1); to stop updates, use the 'paused' property instead. Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards, even if maxUnavailable is greater than one.", "configuration": "The targeted MachineConfig object for the machine config pool.", - "pinnedImageSets": "pinnedImageSets is a list of PinnedImageSetRef objects that should be applied to the nodes in this pool.", + "pinnedImageSets": "pinnedImageSets specifies a sequence of PinnedImageSetRef objects for the pool. Nodes within this pool will preload and pin images defined in the PinnedImageSet. Before pulling images the controller will ensure the total uncompressed size of all the images does not exceed available resources. Images from multiple PinnedImageSets are loaded and pinned sequentially as listed. Duplicate and existing images will be skipped.\n\nFailure to pull an image by a node results in the MachineConfigPool status set to Degraded. Resolving such failures is the responsibility of the user.", } func (MachineConfigPoolSpec) SwaggerDoc() map[string]string { @@ -337,7 +337,7 @@ func (NetworkInfo) SwaggerDoc() map[string]string { } var map_PinnedImageSetRef = map[string]string{ - "name": "name is a reference to the name of a PinnedImageSet. Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123)", + "name": "name is a reference to the name of a PinnedImageSet. Must adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123). Made up of one of more period-separated (.) segments, where each segment consists of alphanumeric characters and hyphens (-), must begin and end with an alphanumeric character, and is at most 63 characters in length. The total length of the name must not exceed 253 characters.", } func (PinnedImageSetRef) SwaggerDoc() map[string]string { diff --git a/machineconfiguration/v1alpha1/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1alpha1/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml index a569a806e34..d803f005d60 100644 --- a/machineconfiguration/v1alpha1/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml +++ b/machineconfiguration/v1alpha1/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml @@ -53,19 +53,26 @@ spec: ... ] \n These image references should all be by digest, tags aren't allowed." items: - description: "PinnedImageRef is an OCI Image referenced by digest. - \n The format of the image ref is: host[:port][/namespace]/name@sha256:" - maxLength: 447 - minLength: 1 - type: string - x-kubernetes-validations: - - message: The image reference must be in the format host[:port][/namespace]/name@sha256: - with a valid SHA256 digest - rule: self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$') + properties: + name: + description: "name is an OCI Image referenced by digest. \n + The format of the image ref is: host[:port][/namespace]/name@sha256:" + maxLength: 447 + minLength: 1 + type: string + x-kubernetes-validations: + - message: The OCI Image reference must be in the format host[:port][/namespace]/name@sha256: + with a valid SHA256 digest + rule: self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$') + required: + - name + type: object maxItems: 2000 minItems: 1 type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map required: - pinnedImages type: object diff --git a/machineconfiguration/v1alpha1/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1alpha1/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml index 1a13fdbf22e..94482d9a761 100644 --- a/machineconfiguration/v1alpha1/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1alpha1/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml @@ -53,19 +53,26 @@ spec: ... ] \n These image references should all be by digest, tags aren't allowed." items: - description: "PinnedImageRef is an OCI Image referenced by digest. - \n The format of the image ref is: host[:port][/namespace]/name@sha256:" - maxLength: 447 - minLength: 1 - type: string - x-kubernetes-validations: - - message: The image reference must be in the format host[:port][/namespace]/name@sha256: - with a valid SHA256 digest - rule: self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$') + properties: + name: + description: "name is an OCI Image referenced by digest. \n + The format of the image ref is: host[:port][/namespace]/name@sha256:" + maxLength: 447 + minLength: 1 + type: string + x-kubernetes-validations: + - message: The OCI Image reference must be in the format host[:port][/namespace]/name@sha256: + with a valid SHA256 digest + rule: self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$') + required: + - name + type: object maxItems: 2000 minItems: 1 type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map required: - pinnedImages type: object diff --git a/machineconfiguration/v1alpha1/custom.pinnedimageset.testsuite.yaml b/machineconfiguration/v1alpha1/custom.pinnedimageset.testsuite.yaml index 5a6c86a8e41..4baed129760 100644 --- a/machineconfiguration/v1alpha1/custom.pinnedimageset.testsuite.yaml +++ b/machineconfiguration/v1alpha1/custom.pinnedimageset.testsuite.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this name: "[Custom] PinnedImageSet" -crd: 0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml +crd: 0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml tests: onCreate: - name: Should be able to create a minimal PinnedImageSet @@ -11,10 +11,10 @@ tests: name: test-pinnedimageset spec: pinnedImages: - - example.io/my-project/image-v1.0_23@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 - - example.com:5000/project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 - - example.com/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 - - my-registry.local/project/my-image@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef + - name: "example.io/my-project/image-v1.0_23@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306" + - name: "example.com:5000/project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + - name: "example.com/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + - name: "my-registry.local/project/my-image@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" expected: | apiVersion: machineconfiguration.openshift.io/v1alpha1 kind: PinnedImageSet @@ -22,7 +22,66 @@ tests: name: test-pinnedimageset spec: pinnedImages: - - example.io/my-project/image-v1.0_23@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 - - example.com:5000/project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 - - example.com/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 - - my-registry.local/project/my-image@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef \ No newline at end of file + - name: "example.io/my-project/image-v1.0_23@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306" + - name: "example.com:5000/project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + - name: "example.com/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + - name: "my-registry.local/project/my-image@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" + - name: Invalid image referenced by tag + initial: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset + spec: + pinnedImages: + - name: "example.io/my-project/image-v1.0_23:latest" + expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256: with a valid SHA256 digest" + - name: Invalid empty image + initial: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset + spec: + pinnedImages: + - name: "" + expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256: with a valid SHA256 digest" + - name: Should reject a malformed SHA256 digest + initial: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset-bad-digest + spec: + pinnedImages: + - name: "example.io/bad-digest/image@sha256:12345" + expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256: with a valid SHA256 digest" + - name: Should accept multiple images with different registries and namespaces + initial: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset-multiple-registries + spec: + pinnedImages: + - name: "docker.io/project/name@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" + - name: "quay.io/project/name@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" + expected: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset-multiple-registries + spec: + pinnedImages: + - name: "docker.io/project/name@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" + - name: "quay.io/project/name@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" + - name: Should reject images without a registry specified + initial: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset-no-registry + spec: + pinnedImages: + - name: "my-project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256: with a valid SHA256 digest" \ No newline at end of file diff --git a/machineconfiguration/v1alpha1/techpreview.pinnedimageset.testsuite.yaml b/machineconfiguration/v1alpha1/techpreview.pinnedimageset.testsuite.yaml index 18dadc607e7..9595a86543c 100644 --- a/machineconfiguration/v1alpha1/techpreview.pinnedimageset.testsuite.yaml +++ b/machineconfiguration/v1alpha1/techpreview.pinnedimageset.testsuite.yaml @@ -11,10 +11,10 @@ tests: name: test-pinnedimageset spec: pinnedImages: - - example.io/my-project/image-v1.0_23@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 - - example.com:5000/project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 - - example.com/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 - - my-registry.local/project/my-image@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef + - name: "example.io/my-project/image-v1.0_23@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306" + - name: "example.com:5000/project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + - name: "example.com/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + - name: "my-registry.local/project/my-image@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" expected: | apiVersion: machineconfiguration.openshift.io/v1alpha1 kind: PinnedImageSet @@ -22,7 +22,66 @@ tests: name: test-pinnedimageset spec: pinnedImages: - - example.io/my-project/image-v1.0_23@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306 - - example.com:5000/project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 - - example.com/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890 - - my-registry.local/project/my-image@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef \ No newline at end of file + - name: "example.io/my-project/image-v1.0_23@sha256:2c3ea52ac3a41c6d58e85977c3149413e3fa4b70eb2397426456863adbf43306" + - name: "example.com:5000/project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + - name: "example.com/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + - name: "my-registry.local/project/my-image@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" + - name: Invalid image referenced by tag + initial: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset + spec: + pinnedImages: + - name: "example.io/my-project/image-v1.0_23:latest" + expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256: with a valid SHA256 digest" + - name: Invalid empty image + initial: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset + spec: + pinnedImages: + - name: "" + expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256: with a valid SHA256 digest" + - name: Should reject a malformed SHA256 digest + initial: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset-bad-digest + spec: + pinnedImages: + - name: "example.io/bad-digest/image@sha256:12345" + expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256: with a valid SHA256 digest" + - name: Should accept multiple images with different registries and namespaces + initial: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset-multiple-registries + spec: + pinnedImages: + - name: "docker.io/project/name@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" + - name: "quay.io/project/name@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" + expected: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset-multiple-registries + spec: + pinnedImages: + - name: "docker.io/project/name@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" + - name: "quay.io/project/name@sha256:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef" + - name: Should reject images without a registry specified + initial: | + apiVersion: machineconfiguration.openshift.io/v1alpha1 + kind: PinnedImageSet + metadata: + name: test-pinnedimageset-no-registry + spec: + pinnedImages: + - name: "my-project/image@sha256:abcdef1234567890abcdef1234567890abcdef1234567890abcdef1234567890" + expectedError: "Invalid value: \"string\": The OCI Image reference must be in the format host[:port][/namespace]/name@sha256: with a valid SHA256 digest" diff --git a/machineconfiguration/v1alpha1/types_pinnedimageset.go b/machineconfiguration/v1alpha1/types_pinnedimageset.go index 6225df68436..86189622e7a 100644 --- a/machineconfiguration/v1alpha1/types_pinnedimageset.go +++ b/machineconfiguration/v1alpha1/types_pinnedimageset.go @@ -46,19 +46,22 @@ type PinnedImageSetSpec struct { // +kubebuilder:validation:Required // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=2000 - // +listType=atomic + // +listType=map + // +listMapKey=name PinnedImages []PinnedImageRef `json:"pinnedImages"` } -// PinnedImageRef is an OCI Image referenced by digest. -// -// The format of the image ref is: -// host[:port][/namespace]/name@sha256: -// +kubebuilder:validation:Required -// +kubebuilder:validation:MinLength=1 -// +kubebuilder:validation:MaxLength=447 -// +kubebuilder:validation:XValidation:rule=`self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$')`,message="The image reference must be in the format host[:port][/namespace]/name@sha256: with a valid SHA256 digest" -type PinnedImageRef string +type PinnedImageRef struct { + // name is an OCI Image referenced by digest. + // + // The format of the image ref is: + // host[:port][/namespace]/name@sha256: + // +kubebuilder:validation:Required + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=447 + // +kubebuilder:validation:XValidation:rule=`self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$')`,message="The OCI Image reference must be in the format host[:port][/namespace]/name@sha256: with a valid SHA256 digest" + Name string `json:"name"` +} // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object diff --git a/machineconfiguration/v1alpha1/zz_generated.deepcopy.go b/machineconfiguration/v1alpha1/zz_generated.deepcopy.go index 758a4e6a080..d1761442001 100644 --- a/machineconfiguration/v1alpha1/zz_generated.deepcopy.go +++ b/machineconfiguration/v1alpha1/zz_generated.deepcopy.go @@ -162,6 +162,22 @@ func (in *MachineConfigNodeStatusMachineConfigVersion) DeepCopy() *MachineConfig return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PinnedImageRef) DeepCopyInto(out *PinnedImageRef) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PinnedImageRef. +func (in *PinnedImageRef) DeepCopy() *PinnedImageRef { + if in == nil { + return nil + } + out := new(PinnedImageRef) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PinnedImageSet) DeepCopyInto(out *PinnedImageSet) { *out = *in diff --git a/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml b/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml index f647c78e462..4cd2bf5b6e1 100644 --- a/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml +++ b/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests.yaml @@ -82,7 +82,7 @@ pinnedimagesets.machineconfiguration.openshift.io: PluralName: pinnedimagesets PrinterColumns: [] Scope: Cluster - ShortName: "" + ShortNames: null TargetFilenamePattern: 0000_80_pinnedimagesetMARKERS.crd.yaml TopLevelFeatureGates: - PinnedImages diff --git a/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests/pinnedimagesets.machineconfiguration.openshift.io/PinnedImages.yaml b/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests/pinnedimagesets.machineconfiguration.openshift.io/PinnedImages.yaml index 7b0d120463a..3676acbeaaf 100644 --- a/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests/pinnedimagesets.machineconfiguration.openshift.io/PinnedImages.yaml +++ b/machineconfiguration/v1alpha1/zz_generated.featuregated-crd-manifests/pinnedimagesets.machineconfiguration.openshift.io/PinnedImages.yaml @@ -50,19 +50,26 @@ spec: ... ] \n These image references should all be by digest, tags aren't allowed." items: - description: "PinnedImageRef is an OCI Image referenced by digest. - \n The format of the image ref is: host[:port][/namespace]/name@sha256:" - maxLength: 447 - minLength: 1 - type: string - x-kubernetes-validations: - - message: The image reference must be in the format host[:port][/namespace]/name@sha256: - with a valid SHA256 digest - rule: self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$') + properties: + name: + description: "name is an OCI Image referenced by digest. \n + The format of the image ref is: host[:port][/namespace]/name@sha256:" + maxLength: 447 + minLength: 1 + type: string + x-kubernetes-validations: + - message: The OCI Image reference must be in the format host[:port][/namespace]/name@sha256: + with a valid SHA256 digest + rule: self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$') + required: + - name + type: object maxItems: 2000 minItems: 1 type: array - x-kubernetes-list-type: atomic + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map required: - pinnedImages type: object diff --git a/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go b/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go index cab7373966e..401bff14b86 100644 --- a/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go +++ b/machineconfiguration/v1alpha1/zz_generated.swagger_doc_generated.go @@ -79,6 +79,14 @@ func (MachineConfigNodeStatusMachineConfigVersion) SwaggerDoc() map[string]strin return map_MachineConfigNodeStatusMachineConfigVersion } +var map_PinnedImageRef = map[string]string{ + "name": "name is an OCI Image referenced by digest.\n\nThe format of the image ref is: host[:port][/namespace]/name@sha256:", +} + +func (PinnedImageRef) SwaggerDoc() map[string]string { + return map_PinnedImageRef +} + var map_PinnedImageSet = map[string]string{ "": "PinnedImageSet describes a set of images that should be pinned by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "spec": "spec describes the configuration of this pinned image set.", diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go index 6eea0aa110e..aa264a4a55f 100644 --- a/openapi/generated_openapi/zz_generated.openapi.go +++ b/openapi/generated_openapi/zz_generated.openapi.go @@ -755,6 +755,7 @@ func GetOpenAPIDefinitions(ref common.ReferenceCallback) map[string]common.OpenA "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeSpecMachineConfigVersion": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeSpecMachineConfigVersion(ref), "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatus": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatus(ref), "github.com/openshift/api/machineconfiguration/v1alpha1.MachineConfigNodeStatusMachineConfigVersion": schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatusMachineConfigVersion(ref), + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageRef": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageRef(ref), "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSet": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSet(ref), "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetList": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetList(ref), "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageSetSpec": schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetSpec(ref), @@ -38557,6 +38558,27 @@ func schema_openshift_api_machineconfiguration_v1alpha1_MachineConfigNodeStatusM } } +func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageRef(ref common.ReferenceCallback) common.OpenAPIDefinition { + return common.OpenAPIDefinition{ + Schema: spec.Schema{ + SchemaProps: spec.SchemaProps{ + Type: []string{"object"}, + Properties: map[string]spec.Schema{ + "name": { + SchemaProps: spec.SchemaProps{ + Description: "name is an OCI Image referenced by digest.\n\nThe format of the image ref is: host[:port][/namespace]/name@sha256:", + Default: "", + Type: []string{"string"}, + Format: "", + }, + }, + }, + Required: []string{"name"}, + }, + }, + } +} + func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSet(ref common.ReferenceCallback) common.OpenAPIDefinition { return common.OpenAPIDefinition{ Schema: spec.Schema{ @@ -38660,7 +38682,10 @@ func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetSpec(ref c "pinnedImages": { VendorExtensible: spec.VendorExtensible{ Extensions: spec.Extensions{ - "x-kubernetes-list-type": "atomic", + "x-kubernetes-list-map-keys": []interface{}{ + "name", + }, + "x-kubernetes-list-type": "map", }, }, SchemaProps: spec.SchemaProps{ @@ -38669,9 +38694,8 @@ func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetSpec(ref c Items: &spec.SchemaOrArray{ Schema: &spec.Schema{ SchemaProps: spec.SchemaProps{ - Default: "", - Type: []string{"string"}, - Format: "", + Default: map[string]interface{}{}, + Ref: ref("github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageRef"), }, }, }, @@ -38681,6 +38705,8 @@ func schema_openshift_api_machineconfiguration_v1alpha1_PinnedImageSetSpec(ref c Required: []string{"pinnedImages"}, }, }, + Dependencies: []string{ + "github.com/openshift/api/machineconfiguration/v1alpha1.PinnedImageRef"}, } } diff --git a/openapi/openapi.json b/openapi/openapi.json index 2b7ec7db798..85a69ed8d7e 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json @@ -22370,6 +22370,19 @@ } } }, + "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageRef": { + "type": "object", + "required": [ + "name" + ], + "properties": { + "name": { + "description": "name is an OCI Image referenced by digest.\n\nThe format of the image ref is: host[:port][/namespace]/name@sha256:", + "type": "string", + "default": "" + } + } + }, "com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageSet": { "description": "PinnedImageSet describes a set of images that should be pinned by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools.\n\nCompatibility level 4: No compatibility is provided, the API can change at any point for any reason. These capabilities should not be used by applications needing long term support.", "type": "object", @@ -22437,10 +22450,13 @@ "description": "pinnedImages is a list of OCI Image referenced by digest that should be pinned and pre-loaded by the nodes of a MachineConfigPool. Translates into a new file inside the /etc/crio/crio.conf.d directory with content similar to this:\n\n pinned_images = [\n \"quay.io/openshift-release-dev/ocp-release@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\",\n ...\n ]\n\nThese image references should all be by digest, tags aren't allowed.", "type": "array", "items": { - "type": "string", - "default": "" + "default": {}, + "$ref": "#/definitions/com.github.openshift.api.machineconfiguration.v1alpha1.PinnedImageRef" }, - "x-kubernetes-list-type": "atomic" + "x-kubernetes-list-map-keys": [ + "name" + ], + "x-kubernetes-list-type": "map" } } }, From ca4d81e7bf7497f6046f307af29a1ce5f239e361 Mon Sep 17 00:00:00 2001 From: Sam Batschelet Date: Fri, 15 Mar 2024 16:04:10 -0400 Subject: [PATCH 4/5] update docs and regen crds Signed-off-by: Sam Batschelet --- ...machineconfigpool-CustomNoUpgrade.crd.yaml | 553 ++++++++++++++++++ ...neconfigpool-TechPreviewNoUpgrade.crd.yaml | 553 ++++++++++++++++++ .../custom.machineconfigpool.testsuite.yaml | 18 + .../stable.machineconfigpool.testsuite.yaml | 4 +- ...chpreview.machineconfigpool.testsuite.yaml | 18 + machineconfiguration/v1/types.go | 24 +- ...machineconfigpool-CustomNoUpgrade.crd.yaml | 553 ++++++++++++++++++ ...000_80_machineconfigpool-Default.crd.yaml} | 1 + ...neconfigpool-TechPreviewNoUpgrade.crd.yaml | 553 ++++++++++++++++++ .../PinnedImages.yaml | 550 +++++++++++++++++ .../v1/zz_generated.swagger_doc_generated.go | 2 +- .../v1alpha1/types_pinnedimageset.go | 2 +- ...80_pinnedimageset-CustomNoUpgrade.crd.yaml | 83 +++ ...nnedimageset-TechPreviewNoUpgrade.crd.yaml | 83 +++ 14 files changed, 2984 insertions(+), 13 deletions(-) create mode 100644 machineconfiguration/v1/0000_80_machineconfigpool-CustomNoUpgrade.crd.yaml create mode 100644 machineconfiguration/v1/0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml create mode 100644 machineconfiguration/v1/custom.machineconfigpool.testsuite.yaml create mode 100644 machineconfiguration/v1/techpreview.machineconfigpool.testsuite.yaml create mode 100644 machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-CustomNoUpgrade.crd.yaml rename machineconfiguration/v1/zz_generated.crd-manifests/{0000_80_machineconfigpool.crd.yaml => 0000_80_machineconfigpool-Default.crd.yaml} (99%) create mode 100644 machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml create mode 100644 machineconfiguration/v1/zz_generated.featuregated-crd-manifests/machineconfigpools.machineconfiguration.openshift.io/PinnedImages.yaml create mode 100644 machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml create mode 100644 machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml diff --git a/machineconfiguration/v1/0000_80_machineconfigpool-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1/0000_80_machineconfigpool-CustomNoUpgrade.crd.yaml new file mode 100644 index 00000000000..5646c25968f --- /dev/null +++ b/machineconfiguration/v1/0000_80_machineconfigpool-CustomNoUpgrade.crd.yaml @@ -0,0 +1,553 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade + labels: + openshift.io/operator-managed: "" + name: machineconfigpools.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: MachineConfigPool + listKind: MachineConfigPoolList + plural: machineconfigpools + shortNames: + - mcp + singular: machineconfigpool + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.configuration.name + name: Config + type: string + - description: When all the machines in the pool are updated to the correct machine + config. + jsonPath: .status.conditions[?(@.type=="Updated")].status + name: Updated + type: string + - description: When at least one of machine is not either not updated or is in + the process of updating to the desired machine config. + jsonPath: .status.conditions[?(@.type=="Updating")].status + name: Updating + type: string + - description: When progress is blocked on updating one or more nodes or the pool + configuration is failing. + jsonPath: .status.conditions[?(@.type=="Degraded")].status + name: Degraded + type: string + - description: Total number of machines in the machine config pool + jsonPath: .status.machineCount + name: MachineCount + type: number + - description: Total number of ready machines targeted by the pool + jsonPath: .status.readyMachineCount + name: ReadyMachineCount + type: number + - description: Total number of machines targeted by the pool that have the CurrentMachineConfig + as their config + jsonPath: .status.updatedMachineCount + name: UpdatedMachineCount + type: number + - description: Total number of machines marked degraded (or unreconcilable) + jsonPath: .status.degradedMachineCount + name: DegradedMachineCount + type: number + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: "MachineConfigPool describes a pool of MachineConfigs. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineConfigPoolSpec is the spec for MachineConfigPool resource. + properties: + configuration: + description: The targeted MachineConfig object for the machine config + pool. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + source: + description: source is the list of MachineConfig objects that + were used to generate the single MachineConfig object specified + in `content`. + items: + description: "ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, \"must refer + only to types A and B\" or \"UID not honored\" or \"name must + be restricted\". Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, + the validation rules are different by usage, which makes it + hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency + is on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an + underspecified API type they do not control. \n Instead of + using this type, create a locally provided and used type that + is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + machineConfigSelector: + description: machineConfigSelector specifies a label selector for + MachineConfigs. Refer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + on how label and selectors work. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + maxUnavailable: + anyOf: + - type: integer + - type: string + description: "maxUnavailable defines either an integer number or percentage + of nodes in the pool that can go Unavailable during an update. This + includes nodes Unavailable for any reason, including user initiated + cordons, failing nodes, etc. The default value is 1. \n A value + larger than 1 will mean multiple nodes going unavailable during + the update, which may affect your workload stress on the remaining + nodes. You cannot set this value to 0 to stop updates (it will default + back to 1); to stop updates, use the 'paused' property instead. + Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum + guards, even if maxUnavailable is greater than one." + x-kubernetes-int-or-string: true + nodeSelector: + description: nodeSelector specifies a label selector for Machines + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + paused: + description: paused specifies whether or not changes to this machine + config pool should be stopped. This includes generating new desiredMachineConfig + and update of machines. + type: boolean + pinnedImageSets: + description: "pinnedImageSets specifies a sequence of PinnedImageSetRef + objects for the pool. Nodes within this pool will preload and pin + images defined in the PinnedImageSet. Before pulling images the + MachineConfigDaemon will ensure the total uncompressed size of all + the images does not exceed available resources. If the total size + of the images exceeds the available resources the controller will + report a Degraded status to the MachineConfigPool and not attempt + to pull any images. Also to help ensure the kubelet can mitigate + storage risk, the pinned_image configuration and subsequent service + reload will happen only after all of the images have been pulled + for each set. Images from multiple PinnedImageSets are loaded and + pinned sequentially as listed. Duplicate and existing images will + be skipped. \n Any failure to prefetch or pin images will result + in a Degraded pool. Resolving these failures is the responsibility + of the user. The admin should be proactive in ensuring adequate + storage and proper image authentication exists in advance." + items: + properties: + name: + description: name is a reference to the name of a PinnedImageSet. Must + adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123). + Made up of one of more period-separated (.) segments, where + each segment consists of alphanumeric characters and hyphens + (-), must begin and end with an alphanumeric character, and + is at most 63 characters in length. The total length of the + name must not exceed 253 characters. + maxLength: 253 + minLength: 1 + pattern: ^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$ + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: MachineConfigPoolStatus is the status for MachineConfigPool + resource. + properties: + certExpirys: + description: certExpirys keeps track of important certificate expiration + data + items: + description: ceryExpiry contains the bundle name and the expiry + date + properties: + bundle: + description: bundle is the name of the bundle in which the subject + certificate resides + type: string + expiry: + description: expiry is the date after which the certificate + will no longer be valid + format: date-time + type: string + subject: + description: subject is the subject of the certificate + type: string + required: + - bundle + - subject + type: object + type: array + x-kubernetes-list-type: atomic + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: MachineConfigPoolCondition contains condition information + for an MachineConfigPool. + properties: + lastTransitionTime: + description: lastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + nullable: true + type: string + message: + description: message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: type of the condition, currently ('Done', 'Updating', + 'Failed'). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + configuration: + description: configuration represents the current MachineConfig object + for the machine config pool. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + source: + description: source is the list of MachineConfig objects that + were used to generate the single MachineConfig object specified + in `content`. + items: + description: "ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, \"must refer + only to types A and B\" or \"UID not honored\" or \"name must + be restricted\". Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, + the validation rules are different by usage, which makes it + hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency + is on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an + underspecified API type they do not control. \n Instead of + using this type, create a locally provided and used type that + is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + degradedMachineCount: + description: degradedMachineCount represents the total number of machines + marked degraded (or unreconcilable). A node is marked degraded if + applying a configuration failed.. + format: int32 + type: integer + machineCount: + description: machineCount represents the total number of machines + in the machine config pool. + format: int32 + type: integer + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + readyMachineCount: + description: readyMachineCount represents the total number of ready + machines targeted by the pool. + format: int32 + type: integer + unavailableMachineCount: + description: unavailableMachineCount represents the total number of + unavailable (non-ready) machines targeted by the pool. A node is + marked unavailable if it is in updating state or NodeReady condition + is false. + format: int32 + type: integer + updatedMachineCount: + description: updatedMachineCount represents the total number of machines + targeted by the pool that have the CurrentMachineConfig as their + config. + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/machineconfiguration/v1/0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..7f6d61a57d8 --- /dev/null +++ b/machineconfiguration/v1/0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml @@ -0,0 +1,553 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + labels: + openshift.io/operator-managed: "" + name: machineconfigpools.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: MachineConfigPool + listKind: MachineConfigPoolList + plural: machineconfigpools + shortNames: + - mcp + singular: machineconfigpool + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.configuration.name + name: Config + type: string + - description: When all the machines in the pool are updated to the correct machine + config. + jsonPath: .status.conditions[?(@.type=="Updated")].status + name: Updated + type: string + - description: When at least one of machine is not either not updated or is in + the process of updating to the desired machine config. + jsonPath: .status.conditions[?(@.type=="Updating")].status + name: Updating + type: string + - description: When progress is blocked on updating one or more nodes or the pool + configuration is failing. + jsonPath: .status.conditions[?(@.type=="Degraded")].status + name: Degraded + type: string + - description: Total number of machines in the machine config pool + jsonPath: .status.machineCount + name: MachineCount + type: number + - description: Total number of ready machines targeted by the pool + jsonPath: .status.readyMachineCount + name: ReadyMachineCount + type: number + - description: Total number of machines targeted by the pool that have the CurrentMachineConfig + as their config + jsonPath: .status.updatedMachineCount + name: UpdatedMachineCount + type: number + - description: Total number of machines marked degraded (or unreconcilable) + jsonPath: .status.degradedMachineCount + name: DegradedMachineCount + type: number + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: "MachineConfigPool describes a pool of MachineConfigs. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineConfigPoolSpec is the spec for MachineConfigPool resource. + properties: + configuration: + description: The targeted MachineConfig object for the machine config + pool. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + source: + description: source is the list of MachineConfig objects that + were used to generate the single MachineConfig object specified + in `content`. + items: + description: "ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, \"must refer + only to types A and B\" or \"UID not honored\" or \"name must + be restricted\". Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, + the validation rules are different by usage, which makes it + hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency + is on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an + underspecified API type they do not control. \n Instead of + using this type, create a locally provided and used type that + is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + machineConfigSelector: + description: machineConfigSelector specifies a label selector for + MachineConfigs. Refer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + on how label and selectors work. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + maxUnavailable: + anyOf: + - type: integer + - type: string + description: "maxUnavailable defines either an integer number or percentage + of nodes in the pool that can go Unavailable during an update. This + includes nodes Unavailable for any reason, including user initiated + cordons, failing nodes, etc. The default value is 1. \n A value + larger than 1 will mean multiple nodes going unavailable during + the update, which may affect your workload stress on the remaining + nodes. You cannot set this value to 0 to stop updates (it will default + back to 1); to stop updates, use the 'paused' property instead. + Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum + guards, even if maxUnavailable is greater than one." + x-kubernetes-int-or-string: true + nodeSelector: + description: nodeSelector specifies a label selector for Machines + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + paused: + description: paused specifies whether or not changes to this machine + config pool should be stopped. This includes generating new desiredMachineConfig + and update of machines. + type: boolean + pinnedImageSets: + description: "pinnedImageSets specifies a sequence of PinnedImageSetRef + objects for the pool. Nodes within this pool will preload and pin + images defined in the PinnedImageSet. Before pulling images the + MachineConfigDaemon will ensure the total uncompressed size of all + the images does not exceed available resources. If the total size + of the images exceeds the available resources the controller will + report a Degraded status to the MachineConfigPool and not attempt + to pull any images. Also to help ensure the kubelet can mitigate + storage risk, the pinned_image configuration and subsequent service + reload will happen only after all of the images have been pulled + for each set. Images from multiple PinnedImageSets are loaded and + pinned sequentially as listed. Duplicate and existing images will + be skipped. \n Any failure to prefetch or pin images will result + in a Degraded pool. Resolving these failures is the responsibility + of the user. The admin should be proactive in ensuring adequate + storage and proper image authentication exists in advance." + items: + properties: + name: + description: name is a reference to the name of a PinnedImageSet. Must + adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123). + Made up of one of more period-separated (.) segments, where + each segment consists of alphanumeric characters and hyphens + (-), must begin and end with an alphanumeric character, and + is at most 63 characters in length. The total length of the + name must not exceed 253 characters. + maxLength: 253 + minLength: 1 + pattern: ^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$ + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: MachineConfigPoolStatus is the status for MachineConfigPool + resource. + properties: + certExpirys: + description: certExpirys keeps track of important certificate expiration + data + items: + description: ceryExpiry contains the bundle name and the expiry + date + properties: + bundle: + description: bundle is the name of the bundle in which the subject + certificate resides + type: string + expiry: + description: expiry is the date after which the certificate + will no longer be valid + format: date-time + type: string + subject: + description: subject is the subject of the certificate + type: string + required: + - bundle + - subject + type: object + type: array + x-kubernetes-list-type: atomic + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: MachineConfigPoolCondition contains condition information + for an MachineConfigPool. + properties: + lastTransitionTime: + description: lastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + nullable: true + type: string + message: + description: message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: type of the condition, currently ('Done', 'Updating', + 'Failed'). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + configuration: + description: configuration represents the current MachineConfig object + for the machine config pool. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + source: + description: source is the list of MachineConfig objects that + were used to generate the single MachineConfig object specified + in `content`. + items: + description: "ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, \"must refer + only to types A and B\" or \"UID not honored\" or \"name must + be restricted\". Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, + the validation rules are different by usage, which makes it + hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency + is on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an + underspecified API type they do not control. \n Instead of + using this type, create a locally provided and used type that + is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + degradedMachineCount: + description: degradedMachineCount represents the total number of machines + marked degraded (or unreconcilable). A node is marked degraded if + applying a configuration failed.. + format: int32 + type: integer + machineCount: + description: machineCount represents the total number of machines + in the machine config pool. + format: int32 + type: integer + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + readyMachineCount: + description: readyMachineCount represents the total number of ready + machines targeted by the pool. + format: int32 + type: integer + unavailableMachineCount: + description: unavailableMachineCount represents the total number of + unavailable (non-ready) machines targeted by the pool. A node is + marked unavailable if it is in updating state or NodeReady condition + is false. + format: int32 + type: integer + updatedMachineCount: + description: updatedMachineCount represents the total number of machines + targeted by the pool that have the CurrentMachineConfig as their + config. + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/machineconfiguration/v1/custom.machineconfigpool.testsuite.yaml b/machineconfiguration/v1/custom.machineconfigpool.testsuite.yaml new file mode 100644 index 00000000000..ac8850df180 --- /dev/null +++ b/machineconfiguration/v1/custom.machineconfigpool.testsuite.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[Custom] MachineConfigPool" +crd: 0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal MachineConfigPool + initial: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfigPool + spec: + pinnedImageSets: + - name: test-pinnedimageset + expected: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfigPool + spec: + pinnedImageSets: + - name: test-pinnedimageset diff --git a/machineconfiguration/v1/stable.machineconfigpool.testsuite.yaml b/machineconfiguration/v1/stable.machineconfigpool.testsuite.yaml index 37fb01e7333..65ee10a431b 100644 --- a/machineconfiguration/v1/stable.machineconfigpool.testsuite.yaml +++ b/machineconfiguration/v1/stable.machineconfigpool.testsuite.yaml @@ -1,6 +1,6 @@ apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this -name: "[Stable] MachineConfigPool" -crd: 0000_80_machineconfigpool.crd.yaml +name: "[Default] MachineConfigPool" +crd: 0000_80_machineconfigpool-Default.crd.yaml tests: onCreate: - name: Should be able to create a minimal MachineConfigPool diff --git a/machineconfiguration/v1/techpreview.machineconfigpool.testsuite.yaml b/machineconfiguration/v1/techpreview.machineconfigpool.testsuite.yaml new file mode 100644 index 00000000000..490b3bbf52b --- /dev/null +++ b/machineconfiguration/v1/techpreview.machineconfigpool.testsuite.yaml @@ -0,0 +1,18 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "[TechPreview] MachineConfigPool" +crd: 0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml +tests: + onCreate: + - name: Should be able to create a minimal MachineConfigPool + initial: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfigPool + spec: + pinnedImageSets: + - name: test-pinnedimageset + expected: | + apiVersion: machineconfiguration.openshift.io/v1 + kind: MachineConfigPool + spec: + pinnedImageSets: + - name: test-pinnedimageset diff --git a/machineconfiguration/v1/types.go b/machineconfiguration/v1/types.go index de6fad35725..6dbe2a0adc6 100644 --- a/machineconfiguration/v1/types.go +++ b/machineconfiguration/v1/types.go @@ -424,16 +424,22 @@ type MachineConfigPoolSpec struct { // pinnedImageSets specifies a sequence of PinnedImageSetRef objects for the // pool. Nodes within this pool will preload and pin images defined in the - // PinnedImageSet. Before pulling images the controller will ensure the - // total uncompressed size of all the images does not exceed available - // resources. Images from multiple PinnedImageSets are loaded and pinned - // sequentially as listed. Duplicate and existing images will be + // PinnedImageSet. Before pulling images the MachineConfigDaemon will ensure + // the total uncompressed size of all the images does not exceed available + // resources. If the total size of the images exceeds the available + // resources the controller will report a Degraded status to the + // MachineConfigPool and not attempt to pull any images. Also to help ensure + // the kubelet can mitigate storage risk, the pinned_image configuration and + // subsequent service reload will happen only after all of the images have + // been pulled for each set. Images from multiple PinnedImageSets are loaded + // and pinned sequentially as listed. Duplicate and existing images will be // skipped. // - // Failure to pull an image by a node results in the MachineConfigPool - // status set to Degraded. Resolving such failures is the responsibility of - // the user. - // +openshift:enable:FeatureGate=PinnedImages + // Any failure to prefetch or pin images will result in a Degraded pool. + // Resolving these failures is the responsibility of the user. The admin + // should be proactive in ensuring adequate storage and proper image + // authentication exists in advance. + // +openshift:enable:FeatureGate=PinnedImages // +optional // +listType=map // +listMapKey=name @@ -451,7 +457,7 @@ type PinnedImageSetRef struct { // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=253 // +kubebuilder:validation:Pattern=`^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$` - // +kubebuilder:validation:Required + // +kubebuilder:validation:Required Name string `json:"name"` } diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-CustomNoUpgrade.crd.yaml new file mode 100644 index 00000000000..5646c25968f --- /dev/null +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-CustomNoUpgrade.crd.yaml @@ -0,0 +1,553 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade + labels: + openshift.io/operator-managed: "" + name: machineconfigpools.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: MachineConfigPool + listKind: MachineConfigPoolList + plural: machineconfigpools + shortNames: + - mcp + singular: machineconfigpool + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.configuration.name + name: Config + type: string + - description: When all the machines in the pool are updated to the correct machine + config. + jsonPath: .status.conditions[?(@.type=="Updated")].status + name: Updated + type: string + - description: When at least one of machine is not either not updated or is in + the process of updating to the desired machine config. + jsonPath: .status.conditions[?(@.type=="Updating")].status + name: Updating + type: string + - description: When progress is blocked on updating one or more nodes or the pool + configuration is failing. + jsonPath: .status.conditions[?(@.type=="Degraded")].status + name: Degraded + type: string + - description: Total number of machines in the machine config pool + jsonPath: .status.machineCount + name: MachineCount + type: number + - description: Total number of ready machines targeted by the pool + jsonPath: .status.readyMachineCount + name: ReadyMachineCount + type: number + - description: Total number of machines targeted by the pool that have the CurrentMachineConfig + as their config + jsonPath: .status.updatedMachineCount + name: UpdatedMachineCount + type: number + - description: Total number of machines marked degraded (or unreconcilable) + jsonPath: .status.degradedMachineCount + name: DegradedMachineCount + type: number + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: "MachineConfigPool describes a pool of MachineConfigs. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineConfigPoolSpec is the spec for MachineConfigPool resource. + properties: + configuration: + description: The targeted MachineConfig object for the machine config + pool. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + source: + description: source is the list of MachineConfig objects that + were used to generate the single MachineConfig object specified + in `content`. + items: + description: "ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, \"must refer + only to types A and B\" or \"UID not honored\" or \"name must + be restricted\". Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, + the validation rules are different by usage, which makes it + hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency + is on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an + underspecified API type they do not control. \n Instead of + using this type, create a locally provided and used type that + is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + machineConfigSelector: + description: machineConfigSelector specifies a label selector for + MachineConfigs. Refer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + on how label and selectors work. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + maxUnavailable: + anyOf: + - type: integer + - type: string + description: "maxUnavailable defines either an integer number or percentage + of nodes in the pool that can go Unavailable during an update. This + includes nodes Unavailable for any reason, including user initiated + cordons, failing nodes, etc. The default value is 1. \n A value + larger than 1 will mean multiple nodes going unavailable during + the update, which may affect your workload stress on the remaining + nodes. You cannot set this value to 0 to stop updates (it will default + back to 1); to stop updates, use the 'paused' property instead. + Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum + guards, even if maxUnavailable is greater than one." + x-kubernetes-int-or-string: true + nodeSelector: + description: nodeSelector specifies a label selector for Machines + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + paused: + description: paused specifies whether or not changes to this machine + config pool should be stopped. This includes generating new desiredMachineConfig + and update of machines. + type: boolean + pinnedImageSets: + description: "pinnedImageSets specifies a sequence of PinnedImageSetRef + objects for the pool. Nodes within this pool will preload and pin + images defined in the PinnedImageSet. Before pulling images the + MachineConfigDaemon will ensure the total uncompressed size of all + the images does not exceed available resources. If the total size + of the images exceeds the available resources the controller will + report a Degraded status to the MachineConfigPool and not attempt + to pull any images. Also to help ensure the kubelet can mitigate + storage risk, the pinned_image configuration and subsequent service + reload will happen only after all of the images have been pulled + for each set. Images from multiple PinnedImageSets are loaded and + pinned sequentially as listed. Duplicate and existing images will + be skipped. \n Any failure to prefetch or pin images will result + in a Degraded pool. Resolving these failures is the responsibility + of the user. The admin should be proactive in ensuring adequate + storage and proper image authentication exists in advance." + items: + properties: + name: + description: name is a reference to the name of a PinnedImageSet. Must + adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123). + Made up of one of more period-separated (.) segments, where + each segment consists of alphanumeric characters and hyphens + (-), must begin and end with an alphanumeric character, and + is at most 63 characters in length. The total length of the + name must not exceed 253 characters. + maxLength: 253 + minLength: 1 + pattern: ^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$ + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: MachineConfigPoolStatus is the status for MachineConfigPool + resource. + properties: + certExpirys: + description: certExpirys keeps track of important certificate expiration + data + items: + description: ceryExpiry contains the bundle name and the expiry + date + properties: + bundle: + description: bundle is the name of the bundle in which the subject + certificate resides + type: string + expiry: + description: expiry is the date after which the certificate + will no longer be valid + format: date-time + type: string + subject: + description: subject is the subject of the certificate + type: string + required: + - bundle + - subject + type: object + type: array + x-kubernetes-list-type: atomic + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: MachineConfigPoolCondition contains condition information + for an MachineConfigPool. + properties: + lastTransitionTime: + description: lastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + nullable: true + type: string + message: + description: message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: type of the condition, currently ('Done', 'Updating', + 'Failed'). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + configuration: + description: configuration represents the current MachineConfig object + for the machine config pool. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + source: + description: source is the list of MachineConfig objects that + were used to generate the single MachineConfig object specified + in `content`. + items: + description: "ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, \"must refer + only to types A and B\" or \"UID not honored\" or \"name must + be restricted\". Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, + the validation rules are different by usage, which makes it + hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency + is on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an + underspecified API type they do not control. \n Instead of + using this type, create a locally provided and used type that + is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + degradedMachineCount: + description: degradedMachineCount represents the total number of machines + marked degraded (or unreconcilable). A node is marked degraded if + applying a configuration failed.. + format: int32 + type: integer + machineCount: + description: machineCount represents the total number of machines + in the machine config pool. + format: int32 + type: integer + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + readyMachineCount: + description: readyMachineCount represents the total number of ready + machines targeted by the pool. + format: int32 + type: integer + unavailableMachineCount: + description: unavailableMachineCount represents the total number of + unavailable (non-ready) machines targeted by the pool. A node is + marked unavailable if it is in updating state or NodeReady condition + is false. + format: int32 + type: integer + updatedMachineCount: + description: updatedMachineCount represents the total number of machines + targeted by the pool that have the CurrentMachineConfig as their + config. + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-Default.crd.yaml similarity index 99% rename from machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool.crd.yaml rename to machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-Default.crd.yaml index c54fdbd6b9e..39434c3d499 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-Default.crd.yaml @@ -7,6 +7,7 @@ metadata: include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: Default labels: openshift.io/operator-managed: "" name: machineconfigpools.machineconfiguration.openshift.io diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..7f6d61a57d8 --- /dev/null +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml @@ -0,0 +1,553 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + labels: + openshift.io/operator-managed: "" + name: machineconfigpools.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: MachineConfigPool + listKind: MachineConfigPoolList + plural: machineconfigpools + shortNames: + - mcp + singular: machineconfigpool + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.configuration.name + name: Config + type: string + - description: When all the machines in the pool are updated to the correct machine + config. + jsonPath: .status.conditions[?(@.type=="Updated")].status + name: Updated + type: string + - description: When at least one of machine is not either not updated or is in + the process of updating to the desired machine config. + jsonPath: .status.conditions[?(@.type=="Updating")].status + name: Updating + type: string + - description: When progress is blocked on updating one or more nodes or the pool + configuration is failing. + jsonPath: .status.conditions[?(@.type=="Degraded")].status + name: Degraded + type: string + - description: Total number of machines in the machine config pool + jsonPath: .status.machineCount + name: MachineCount + type: number + - description: Total number of ready machines targeted by the pool + jsonPath: .status.readyMachineCount + name: ReadyMachineCount + type: number + - description: Total number of machines targeted by the pool that have the CurrentMachineConfig + as their config + jsonPath: .status.updatedMachineCount + name: UpdatedMachineCount + type: number + - description: Total number of machines marked degraded (or unreconcilable) + jsonPath: .status.degradedMachineCount + name: DegradedMachineCount + type: number + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: "MachineConfigPool describes a pool of MachineConfigs. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineConfigPoolSpec is the spec for MachineConfigPool resource. + properties: + configuration: + description: The targeted MachineConfig object for the machine config + pool. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + source: + description: source is the list of MachineConfig objects that + were used to generate the single MachineConfig object specified + in `content`. + items: + description: "ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, \"must refer + only to types A and B\" or \"UID not honored\" or \"name must + be restricted\". Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, + the validation rules are different by usage, which makes it + hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency + is on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an + underspecified API type they do not control. \n Instead of + using this type, create a locally provided and used type that + is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + machineConfigSelector: + description: machineConfigSelector specifies a label selector for + MachineConfigs. Refer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + on how label and selectors work. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + maxUnavailable: + anyOf: + - type: integer + - type: string + description: "maxUnavailable defines either an integer number or percentage + of nodes in the pool that can go Unavailable during an update. This + includes nodes Unavailable for any reason, including user initiated + cordons, failing nodes, etc. The default value is 1. \n A value + larger than 1 will mean multiple nodes going unavailable during + the update, which may affect your workload stress on the remaining + nodes. You cannot set this value to 0 to stop updates (it will default + back to 1); to stop updates, use the 'paused' property instead. + Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum + guards, even if maxUnavailable is greater than one." + x-kubernetes-int-or-string: true + nodeSelector: + description: nodeSelector specifies a label selector for Machines + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + paused: + description: paused specifies whether or not changes to this machine + config pool should be stopped. This includes generating new desiredMachineConfig + and update of machines. + type: boolean + pinnedImageSets: + description: "pinnedImageSets specifies a sequence of PinnedImageSetRef + objects for the pool. Nodes within this pool will preload and pin + images defined in the PinnedImageSet. Before pulling images the + MachineConfigDaemon will ensure the total uncompressed size of all + the images does not exceed available resources. If the total size + of the images exceeds the available resources the controller will + report a Degraded status to the MachineConfigPool and not attempt + to pull any images. Also to help ensure the kubelet can mitigate + storage risk, the pinned_image configuration and subsequent service + reload will happen only after all of the images have been pulled + for each set. Images from multiple PinnedImageSets are loaded and + pinned sequentially as listed. Duplicate and existing images will + be skipped. \n Any failure to prefetch or pin images will result + in a Degraded pool. Resolving these failures is the responsibility + of the user. The admin should be proactive in ensuring adequate + storage and proper image authentication exists in advance." + items: + properties: + name: + description: name is a reference to the name of a PinnedImageSet. Must + adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123). + Made up of one of more period-separated (.) segments, where + each segment consists of alphanumeric characters and hyphens + (-), must begin and end with an alphanumeric character, and + is at most 63 characters in length. The total length of the + name must not exceed 253 characters. + maxLength: 253 + minLength: 1 + pattern: ^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$ + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: MachineConfigPoolStatus is the status for MachineConfigPool + resource. + properties: + certExpirys: + description: certExpirys keeps track of important certificate expiration + data + items: + description: ceryExpiry contains the bundle name and the expiry + date + properties: + bundle: + description: bundle is the name of the bundle in which the subject + certificate resides + type: string + expiry: + description: expiry is the date after which the certificate + will no longer be valid + format: date-time + type: string + subject: + description: subject is the subject of the certificate + type: string + required: + - bundle + - subject + type: object + type: array + x-kubernetes-list-type: atomic + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: MachineConfigPoolCondition contains condition information + for an MachineConfigPool. + properties: + lastTransitionTime: + description: lastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + nullable: true + type: string + message: + description: message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: type of the condition, currently ('Done', 'Updating', + 'Failed'). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + configuration: + description: configuration represents the current MachineConfig object + for the machine config pool. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + source: + description: source is the list of MachineConfig objects that + were used to generate the single MachineConfig object specified + in `content`. + items: + description: "ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, \"must refer + only to types A and B\" or \"UID not honored\" or \"name must + be restricted\". Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, + the validation rules are different by usage, which makes it + hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency + is on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an + underspecified API type they do not control. \n Instead of + using this type, create a locally provided and used type that + is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + degradedMachineCount: + description: degradedMachineCount represents the total number of machines + marked degraded (or unreconcilable). A node is marked degraded if + applying a configuration failed.. + format: int32 + type: integer + machineCount: + description: machineCount represents the total number of machines + in the machine config pool. + format: int32 + type: integer + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + readyMachineCount: + description: readyMachineCount represents the total number of ready + machines targeted by the pool. + format: int32 + type: integer + unavailableMachineCount: + description: unavailableMachineCount represents the total number of + unavailable (non-ready) machines targeted by the pool. A node is + marked unavailable if it is in updating state or NodeReady condition + is false. + format: int32 + type: integer + updatedMachineCount: + description: updatedMachineCount represents the total number of machines + targeted by the pool that have the CurrentMachineConfig as their + config. + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/machineconfigpools.machineconfiguration.openshift.io/PinnedImages.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/machineconfigpools.machineconfiguration.openshift.io/PinnedImages.yaml new file mode 100644 index 00000000000..f6974857379 --- /dev/null +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/machineconfigpools.machineconfiguration.openshift.io/PinnedImages.yaml @@ -0,0 +1,550 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1453 + api.openshift.io/filename-pattern: 0000_80_machineconfigpoolMARKERS.crd.yaml + feature-gate.release.openshift.io/PinnedImages: "true" + labels: + openshift.io/operator-managed: "" + name: machineconfigpools.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: MachineConfigPool + listKind: MachineConfigPoolList + plural: machineconfigpools + shortNames: + - mcp + singular: machineconfigpool + scope: Cluster + versions: + - additionalPrinterColumns: + - jsonPath: .status.configuration.name + name: Config + type: string + - description: When all the machines in the pool are updated to the correct machine + config. + jsonPath: .status.conditions[?(@.type=="Updated")].status + name: Updated + type: string + - description: When at least one of machine is not either not updated or is in + the process of updating to the desired machine config. + jsonPath: .status.conditions[?(@.type=="Updating")].status + name: Updating + type: string + - description: When progress is blocked on updating one or more nodes or the pool + configuration is failing. + jsonPath: .status.conditions[?(@.type=="Degraded")].status + name: Degraded + type: string + - description: Total number of machines in the machine config pool + jsonPath: .status.machineCount + name: MachineCount + type: number + - description: Total number of ready machines targeted by the pool + jsonPath: .status.readyMachineCount + name: ReadyMachineCount + type: number + - description: Total number of machines targeted by the pool that have the CurrentMachineConfig + as their config + jsonPath: .status.updatedMachineCount + name: UpdatedMachineCount + type: number + - description: Total number of machines marked degraded (or unreconcilable) + jsonPath: .status.degradedMachineCount + name: DegradedMachineCount + type: number + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1 + schema: + openAPIV3Schema: + description: "MachineConfigPool describes a pool of MachineConfigs. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: MachineConfigPoolSpec is the spec for MachineConfigPool resource. + properties: + configuration: + description: The targeted MachineConfig object for the machine config + pool. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + source: + description: source is the list of MachineConfig objects that + were used to generate the single MachineConfig object specified + in `content`. + items: + description: "ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, \"must refer + only to types A and B\" or \"UID not honored\" or \"name must + be restricted\". Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, + the validation rules are different by usage, which makes it + hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency + is on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an + underspecified API type they do not control. \n Instead of + using this type, create a locally provided and used type that + is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + machineConfigSelector: + description: machineConfigSelector specifies a label selector for + MachineConfigs. Refer https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + on how label and selectors work. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + maxUnavailable: + anyOf: + - type: integer + - type: string + description: "maxUnavailable defines either an integer number or percentage + of nodes in the pool that can go Unavailable during an update. This + includes nodes Unavailable for any reason, including user initiated + cordons, failing nodes, etc. The default value is 1. \n A value + larger than 1 will mean multiple nodes going unavailable during + the update, which may affect your workload stress on the remaining + nodes. You cannot set this value to 0 to stop updates (it will default + back to 1); to stop updates, use the 'paused' property instead. + Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum + guards, even if maxUnavailable is greater than one." + x-kubernetes-int-or-string: true + nodeSelector: + description: nodeSelector specifies a label selector for Machines + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + paused: + description: paused specifies whether or not changes to this machine + config pool should be stopped. This includes generating new desiredMachineConfig + and update of machines. + type: boolean + pinnedImageSets: + description: "pinnedImageSets specifies a sequence of PinnedImageSetRef + objects for the pool. Nodes within this pool will preload and pin + images defined in the PinnedImageSet. Before pulling images the + MachineConfigDaemon will ensure the total uncompressed size of all + the images does not exceed available resources. If the total size + of the images exceeds the available resources the controller will + report a Degraded status to the MachineConfigPool and not attempt + to pull any images. Also to help ensure the kubelet can mitigate + storage risk, the pinned_image configuration and subsequent service + reload will happen only after all of the images have been pulled + for each set. Images from multiple PinnedImageSets are loaded and + pinned sequentially as listed. Duplicate and existing images will + be skipped. \n Any failure to prefetch or pin images will result + in a Degraded pool. Resolving these failures is the responsibility + of the user. The admin should be proactive in ensuring adequate + storage and proper image authentication exists in advance." + items: + properties: + name: + description: name is a reference to the name of a PinnedImageSet. Must + adhere to RFC-1123 (https://tools.ietf.org/html/rfc1123). + Made up of one of more period-separated (.) segments, where + each segment consists of alphanumeric characters and hyphens + (-), must begin and end with an alphanumeric character, and + is at most 63 characters in length. The total length of the + name must not exceed 253 characters. + maxLength: 253 + minLength: 1 + pattern: ^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$ + type: string + required: + - name + type: object + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + type: object + status: + description: MachineConfigPoolStatus is the status for MachineConfigPool + resource. + properties: + certExpirys: + description: certExpirys keeps track of important certificate expiration + data + items: + description: ceryExpiry contains the bundle name and the expiry + date + properties: + bundle: + description: bundle is the name of the bundle in which the subject + certificate resides + type: string + expiry: + description: expiry is the date after which the certificate + will no longer be valid + format: date-time + type: string + subject: + description: subject is the subject of the certificate + type: string + required: + - bundle + - subject + type: object + type: array + x-kubernetes-list-type: atomic + conditions: + description: conditions represents the latest available observations + of current state. + items: + description: MachineConfigPoolCondition contains condition information + for an MachineConfigPool. + properties: + lastTransitionTime: + description: lastTransitionTime is the timestamp corresponding + to the last status change of this condition. + format: date-time + nullable: true + type: string + message: + description: message is a human readable description of the + details of the last transition, complementing reason. + type: string + reason: + description: reason is a brief machine readable explanation + for the condition's last transition. + type: string + status: + description: status of the condition, one of ('True', 'False', + 'Unknown'). + type: string + type: + description: type of the condition, currently ('Done', 'Updating', + 'Failed'). + type: string + type: object + type: array + x-kubernetes-list-type: atomic + configuration: + description: configuration represents the current MachineConfig object + for the machine config pool. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead of + an entire object, this string should contain a valid JSON/Go + field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within + a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" + (container with index 2 in this pod). This syntax is chosen + only to have some well-defined way of referencing a part of + an object. TODO: this design is not final and this field is + subject to change in the future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + source: + description: source is the list of MachineConfig objects that + were used to generate the single MachineConfig object specified + in `content`. + items: + description: "ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, \"must refer + only to types A and B\" or \"UID not honored\" or \"name must + be restricted\". Those cannot be well described when embedded. + 3. Inconsistent validation. Because the usages are different, + the validation rules are different by usage, which makes it + hard for users to predict what will happen. 4. The fields + are both imprecise and overly precise. Kind is not a precise + mapping to a URL. This can produce ambiguity during interpretation + and require a REST mapping. In most cases, the dependency + is on the group,resource tuple and the version of the actual + struct is irrelevant. 5. We cannot easily change it. Because + this type is embedded in many locations, updates to this type + will affect numerous schemas. Don't make new APIs embed an + underspecified API type they do not control. \n Instead of + using this type, create a locally provided and used type that + is well-focused on your reference. For example, ServiceReferences + for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + ." + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + type: array + x-kubernetes-list-type: atomic + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + x-kubernetes-map-type: atomic + degradedMachineCount: + description: degradedMachineCount represents the total number of machines + marked degraded (or unreconcilable). A node is marked degraded if + applying a configuration failed.. + format: int32 + type: integer + machineCount: + description: machineCount represents the total number of machines + in the machine config pool. + format: int32 + type: integer + observedGeneration: + description: observedGeneration represents the generation observed + by the controller. + format: int64 + type: integer + readyMachineCount: + description: readyMachineCount represents the total number of ready + machines targeted by the pool. + format: int32 + type: integer + unavailableMachineCount: + description: unavailableMachineCount represents the total number of + unavailable (non-ready) machines targeted by the pool. A node is + marked unavailable if it is in updating state or NodeReady condition + is false. + format: int32 + type: integer + updatedMachineCount: + description: updatedMachineCount represents the total number of machines + targeted by the pool that have the CurrentMachineConfig as their + config. + format: int32 + type: integer + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/machineconfiguration/v1/zz_generated.swagger_doc_generated.go b/machineconfiguration/v1/zz_generated.swagger_doc_generated.go index c39ac69f1fe..8923b78b8b1 100644 --- a/machineconfiguration/v1/zz_generated.swagger_doc_generated.go +++ b/machineconfiguration/v1/zz_generated.swagger_doc_generated.go @@ -279,7 +279,7 @@ var map_MachineConfigPoolSpec = map[string]string{ "paused": "paused specifies whether or not changes to this machine config pool should be stopped. This includes generating new desiredMachineConfig and update of machines.", "maxUnavailable": "maxUnavailable defines either an integer number or percentage of nodes in the pool that can go Unavailable during an update. This includes nodes Unavailable for any reason, including user initiated cordons, failing nodes, etc. The default value is 1.\n\nA value larger than 1 will mean multiple nodes going unavailable during the update, which may affect your workload stress on the remaining nodes. You cannot set this value to 0 to stop updates (it will default back to 1); to stop updates, use the 'paused' property instead. Drain will respect Pod Disruption Budgets (PDBs) such as etcd quorum guards, even if maxUnavailable is greater than one.", "configuration": "The targeted MachineConfig object for the machine config pool.", - "pinnedImageSets": "pinnedImageSets specifies a sequence of PinnedImageSetRef objects for the pool. Nodes within this pool will preload and pin images defined in the PinnedImageSet. Before pulling images the controller will ensure the total uncompressed size of all the images does not exceed available resources. Images from multiple PinnedImageSets are loaded and pinned sequentially as listed. Duplicate and existing images will be skipped.\n\nFailure to pull an image by a node results in the MachineConfigPool status set to Degraded. Resolving such failures is the responsibility of the user.", + "pinnedImageSets": "pinnedImageSets specifies a sequence of PinnedImageSetRef objects for the pool. Nodes within this pool will preload and pin images defined in the PinnedImageSet. Before pulling images the MachineConfigDaemon will ensure the total uncompressed size of all the images does not exceed available resources. If the total size of the images exceeds the available resources the controller will report a Degraded status to the MachineConfigPool and not attempt to pull any images. Also to help ensure the kubelet can mitigate storage risk, the pinned_image configuration and subsequent service reload will happen only after all of the images have been pulled for each set. Images from multiple PinnedImageSets are loaded and pinned sequentially as listed. Duplicate and existing images will be skipped.\n\nAny failure to prefetch or pin images will result in a Degraded pool. Resolving these failures is the responsibility of the user. The admin should be proactive in ensuring adequate storage and proper image authentication exists in advance.", } func (MachineConfigPoolSpec) SwaggerDoc() map[string]string { diff --git a/machineconfiguration/v1alpha1/types_pinnedimageset.go b/machineconfiguration/v1alpha1/types_pinnedimageset.go index 86189622e7a..4519fd78e37 100644 --- a/machineconfiguration/v1alpha1/types_pinnedimageset.go +++ b/machineconfiguration/v1alpha1/types_pinnedimageset.go @@ -46,7 +46,7 @@ type PinnedImageSetSpec struct { // +kubebuilder:validation:Required // +kubebuilder:validation:MinItems=1 // +kubebuilder:validation:MaxItems=2000 - // +listType=map + // +listType=map // +listMapKey=name PinnedImages []PinnedImageRef `json:"pinnedImages"` } diff --git a/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml new file mode 100644 index 00000000000..d803f005d60 --- /dev/null +++ b/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_pinnedimageset-CustomNoUpgrade.crd.yaml @@ -0,0 +1,83 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1713 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: CustomNoUpgrade + labels: + openshift.io/operator-managed: "" + name: pinnedimagesets.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: PinnedImageSet + listKind: PinnedImageSetList + plural: pinnedimagesets + singular: pinnedimageset + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "PinnedImageSet describes a set of images that should be pinned + by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools. + \n Compatibility level 4: No compatibility is provided, the API can change + at any point for any reason. These capabilities should not be used by applications + needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec describes the configuration of this pinned image set. + properties: + pinnedImages: + description: "pinnedImages is a list of OCI Image referenced by digest + that should be pinned and pre-loaded by the nodes of a MachineConfigPool. + Translates into a new file inside the /etc/crio/crio.conf.d directory + with content similar to this: \n pinned_images = [ \"quay.io/openshift-release-dev/ocp-release@sha256:...\", + \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\", \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\", + ... ] \n These image references should all be by digest, tags aren't + allowed." + items: + properties: + name: + description: "name is an OCI Image referenced by digest. \n + The format of the image ref is: host[:port][/namespace]/name@sha256:" + maxLength: 447 + minLength: 1 + type: string + x-kubernetes-validations: + - message: The OCI Image reference must be in the format host[:port][/namespace]/name@sha256: + with a valid SHA256 digest + rule: self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$') + required: + - name + type: object + maxItems: 2000 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - pinnedImages + type: object + required: + - spec + type: object + served: true + storage: true diff --git a/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..94482d9a761 --- /dev/null +++ b/machineconfiguration/v1alpha1/zz_generated.crd-manifests/0000_80_pinnedimageset-TechPreviewNoUpgrade.crd.yaml @@ -0,0 +1,83 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/1713 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + include.release.openshift.io/single-node-developer: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + labels: + openshift.io/operator-managed: "" + name: pinnedimagesets.machineconfiguration.openshift.io +spec: + group: machineconfiguration.openshift.io + names: + kind: PinnedImageSet + listKind: PinnedImageSetList + plural: pinnedimagesets + singular: pinnedimageset + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: "PinnedImageSet describes a set of images that should be pinned + by CRI-O and pulled to the nodes which are members of the declared MachineConfigPools. + \n Compatibility level 4: No compatibility is provided, the API can change + at any point for any reason. These capabilities should not be used by applications + needing long term support." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec describes the configuration of this pinned image set. + properties: + pinnedImages: + description: "pinnedImages is a list of OCI Image referenced by digest + that should be pinned and pre-loaded by the nodes of a MachineConfigPool. + Translates into a new file inside the /etc/crio/crio.conf.d directory + with content similar to this: \n pinned_images = [ \"quay.io/openshift-release-dev/ocp-release@sha256:...\", + \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\", \"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:...\", + ... ] \n These image references should all be by digest, tags aren't + allowed." + items: + properties: + name: + description: "name is an OCI Image referenced by digest. \n + The format of the image ref is: host[:port][/namespace]/name@sha256:" + maxLength: 447 + minLength: 1 + type: string + x-kubernetes-validations: + - message: The OCI Image reference must be in the format host[:port][/namespace]/name@sha256: + with a valid SHA256 digest + rule: self.matches('^([a-zA-Z0-9-]+\\.)+[a-zA-Z0-9-]+(:[0-9]{2,5})?/([a-zA-Z0-9-_]{0,61}/)?[a-zA-Z0-9-_.]*@sha256:[a-f0-9]{64}$') + required: + - name + type: object + maxItems: 2000 + minItems: 1 + type: array + x-kubernetes-list-map-keys: + - name + x-kubernetes-list-type: map + required: + - pinnedImages + type: object + required: + - spec + type: object + served: true + storage: true From b97feaf7fef3ae32be9e9d8826a82f3be962c2f7 Mon Sep 17 00:00:00 2001 From: Sam Batschelet Date: Fri, 15 Mar 2024 17:49:07 -0400 Subject: [PATCH 5/5] align RFC-1123 regex with existing Signed-off-by: Sam Batschelet --- machineconfiguration/v1/types.go | 2 +- .../0000_80_machineconfigpool-CustomNoUpgrade.crd.yaml | 2 +- .../0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml | 2 +- .../PinnedImages.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/machineconfiguration/v1/types.go b/machineconfiguration/v1/types.go index 6dbe2a0adc6..f4344ca912d 100644 --- a/machineconfiguration/v1/types.go +++ b/machineconfiguration/v1/types.go @@ -456,7 +456,7 @@ type PinnedImageSetRef struct { // +openshift:enable:FeatureGate=PinnedImages // +kubebuilder:validation:MinLength=1 // +kubebuilder:validation:MaxLength=253 - // +kubebuilder:validation:Pattern=`^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$` + // +kubebuilder:validation:Pattern=`^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$` // +kubebuilder:validation:Required Name string `json:"name"` } diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-CustomNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-CustomNoUpgrade.crd.yaml index 5646c25968f..81385e0b3bd 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-CustomNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-CustomNoUpgrade.crd.yaml @@ -331,7 +331,7 @@ spec: name must not exceed 253 characters. maxLength: 253 minLength: 1 - pattern: ^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$ + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ type: string required: - name diff --git a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml index 7f6d61a57d8..5356610e12f 100644 --- a/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml +++ b/machineconfiguration/v1/zz_generated.crd-manifests/0000_80_machineconfigpool-TechPreviewNoUpgrade.crd.yaml @@ -331,7 +331,7 @@ spec: name must not exceed 253 characters. maxLength: 253 minLength: 1 - pattern: ^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$ + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ type: string required: - name diff --git a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/machineconfigpools.machineconfiguration.openshift.io/PinnedImages.yaml b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/machineconfigpools.machineconfiguration.openshift.io/PinnedImages.yaml index f6974857379..e4818320e81 100644 --- a/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/machineconfigpools.machineconfiguration.openshift.io/PinnedImages.yaml +++ b/machineconfiguration/v1/zz_generated.featuregated-crd-manifests/machineconfigpools.machineconfiguration.openshift.io/PinnedImages.yaml @@ -328,7 +328,7 @@ spec: name must not exceed 253 characters. maxLength: 253 minLength: 1 - pattern: ^(?:[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)(?:\.[a-zA-Z0-9](?:[a-zA-Z0-9-]{0,61}[a-zA-Z0-9])?)*$ + pattern: ^([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9])(\.([a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9\-]{0,61}[a-zA-Z0-9]))*$ type: string required: - name