diff --git a/config/v1/tests/images.config.openshift.io/ImageStreamImportMode.yaml b/config/v1/tests/images.config.openshift.io/ImageStreamImportMode.yaml
new file mode 100644
index 00000000000..8b549133fec
--- /dev/null
+++ b/config/v1/tests/images.config.openshift.io/ImageStreamImportMode.yaml
@@ -0,0 +1,55 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "Image"
+crdName: images.config.openshift.io
+featureGate: ImageStreamImportMode
+tests:
+ onCreate:
+ - name: Should be able to create a minimal Image config
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec: {}
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec: {}
+ - name: Should be able to configure imageStreamImportMode to Legacy
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec:
+ imageStreamImportMode: Legacy
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec:
+ imageStreamImportMode: Legacy
+ - name: Should be able to configure imageStreamImportMode to PreserveOriginal
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec:
+ imageStreamImportMode: PreserveOriginal
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec:
+ imageStreamImportMode: PreserveOriginal
+ - name: Should not be able to configure imageStreamImportMode to a value other than Legacy or PreserveOriginal
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec:
+ imageStreamImportMode: InvalidValue
+ expectedError: 'spec.imageStreamImportMode: Unsupported value: "InvalidValue": supported values: "", "Legacy", "PreserveOriginal"'
+ - name: Should be able to configure imageStreamImportMode to empty string
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec:
+ imageStreamImportMode: ""
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec:
+ imageStreamImportMode: ""
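Review bot: The fixture only exercises `onCreate`; no case checks that an existing Image config can move between `Legacy`, `PreserveOriginal` and the empty string once the field is set, even though the Go doc says the value applies to imagestreams created afterwards. If the suite supports it, an `onUpdate` case with `initial` set to `imageStreamImportMode: Legacy` and `updated` set to `imageStreamImportMode: PreserveOriginal` (and one clearing it back to `""`) would pin that the enum validation does not accidentally freeze the first value. The invalid-value case is good; the "" case is worth keeping since it documents that the empty string is accepted as an explicit value rather than only as "unset".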
diff --git a/config/v1/types_image.go b/config/v1/types_image.go
index a344086c07b..d3c694a56f3 100644
--- a/config/v1/types_image.go
+++ b/config/v1/types_image.go
@@ -37,6 +37,23 @@ type Image struct {
 Status ImageStatus `json:"status"`
 }
+// ImportModeType describes how to import an image manifest.
+// +enum
+// +kubebuilder:validation:Enum:="";Legacy;PreserveOriginal
+type ImportModeType string
+
+const (
+ // ImportModeLegacy indicates that the legacy behaviour should be used.
+ // For manifest lists, the legacy behaviour will discard the manifest list and import a single
+ // sub-manifest. In this case, the platform is chosen in the following order of priority:
+ // 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list.
+ // This mode is the default.
+ ImportModeLegacy ImportModeType = "Legacy"
+ // ImportModePreserveOriginal indicates that the original manifest will be preserved.
+ // For manifest lists, the manifest list and all its sub-manifests will be imported.
+ ImportModePreserveOriginal ImportModeType = "PreserveOriginal"
+)
+
 type ImageSpec struct {
 // allowedRegistriesForImport limits the container image registries that normal users may import
 // images from. Set this list to the registries that you trust to contain valid Docker
@@ -45,6 +62,7 @@ type ImageSpec struct {
 // this policy - typically only administrators or system integrations will have those
 // permissions.
 // +optional
+ // +listType=atomic
 AllowedRegistriesForImport []RegistryLocation `json:"allowedRegistriesForImport,omitempty"`
 // externalRegistryHostnames provides the hostnames for the default external image
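Review bot: The `ImportModeLegacy` doc comment ends with `// This mode is the default.`, but the spec field added later in this diff says that an empty value is resolved from the ClusterVersion payload type, with a multi payload resolving to `PreserveOriginal`; so `Legacy` is only the outcome for single-arch payloads, not an unconditional default. Consumers reading only the constant's doc (or the `+enum` marker, which also admits `""`) will get the wrong picture. Suggest `// This mode is used for single-arch payloads when no explicit mode is set; see ImageSpec.ImageStreamImportMode.` in place of the current sentence. The `Image` struct that the first context lines belong to starts before this hunk.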
@@ -52,6 +70,7 @@ type ImageSpec struct {
 // is exposed externally. The first value is used in 'publicDockerImageRepository'
 // field in ImageStreams. The value must be in "hostname[:port]" format.
 // +optional
+ // +listType=atomic
 ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"`
 // additionalTrustedCA is a reference to a ConfigMap containing additional CAs that
@@ -67,6 +86,21 @@ type ImageSpec struct {
 // internal cluster registry.
 // +optional
 RegistrySources RegistrySources `json:"registrySources"`
+
+ // imageStreamImportMode controls the import mode behaviour of imagestreams.
+ // It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value
+ // is specified, this setting is applied to all newly created imagestreams which do not have the
+ // value set. `Legacy` indicates that the legacy behaviour should be used.
+ // For manifest lists, the legacy behaviour will discard the manifest list and import a single
+ // sub-manifest. In this case, the platform is chosen in the following order of priority:
+ // 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list.
+ // `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists,
+ // the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be
+ // decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload
+ // implies the import mode is Legacy and multi payload implies PreserveOriginal.
+ // +openshift:enable:FeatureGate=ImageStreamImportMode
+ // +optional
+ ImageStreamImportMode ImportModeType `json:"imageStreamImportMode"`
 }
 type ImageStatus struct {
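Review bot: The new spec field is marked `+optional` but its tag is `json:"imageStreamImportMode"` without `omitempty`, unlike the status counterpart in the next hunk (`json:"imageStreamImportMode,omitempty"`) and every other optional field in `ImageSpec`; as written the field is always emitted, so an unset spec serializes as `"imageStreamImportMode": ""`. That passes validation because `""` is in the enum, but it makes "never set" and "explicitly empty" indistinguishable on the wire and diverges from the status tag. Suggest `ImageStreamImportMode ImportModeType `json:"imageStreamImportMode,omitempty"`` unless always emitting the key is deliberate, in which case the doc comment should say so. The enclosing `ImageSpec` struct starts before this hunk.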
@@ -82,7 +116,22 @@ type ImageStatus struct {
 // is exposed externally. The first value is used in 'publicDockerImageRepository'
 // field in ImageStreams. The value must be in "hostname[:port]" format.
 // +optional
+ // +listType=atomic
 ExternalRegistryHostnames []string `json:"externalRegistryHostnames,omitempty"`
+
+ // imageStreamImportMode controls the import mode behaviour of imagestreams. It can be
+ // `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used.
+ // For manifest lists, the legacy behaviour will discard the manifest list and import a single
+ // sub-manifest. In this case, the platform is chosen in the following order of priority:
+ // 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list.
+ // `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists,
+ // the manifest list and all its sub-manifests will be imported. This value will be reconciled based
+ // on either the spec value or if no spec value is specified, the image registry operator would look
+ // at the ClusterVersion status to determine the payload type and set the import mode accordingly,
+ // i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.
+ // +openshift:enable:FeatureGate=ImageStreamImportMode
+ // +optional
+ ImageStreamImportMode ImportModeType `json:"imageStreamImportMode,omitempty"`
 }
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
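Review bot: The status doc says the field "can be `Legacy` or `PreserveOriginal`", yet `ImportModeType` also admits `""` and this field carries `omitempty`, so readers are not told what an absent or empty status value means. Presumably it is empty until the image registry operator has reconciled it; if that is the intent, add a sentence such as `// An empty value indicates the import mode has not been reconciled yet.` so consumers do not treat empty as an error or as Legacy. The enclosing `ImageStatus` struct starts before this hunk.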
@@ -116,16 +165,19 @@ type RegistryLocation struct {
 type RegistrySources struct {
 // insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.
 // +optional
+ // +listType=atomic
 InsecureRegistries []string `json:"insecureRegistries,omitempty"`
 // blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.
 //
 // Only one of BlockedRegistries or AllowedRegistries may be set.
 // +optional
+ // +listType=atomic
 BlockedRegistries []string `json:"blockedRegistries,omitempty"`
 // allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.
 //
 // Only one of BlockedRegistries or AllowedRegistries may be set.
 // +optional
+ // +listType=atomic
 AllowedRegistries []string `json:"allowedRegistries,omitempty"`
 // containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified
 // domains in their pull specs. Registries will be searched in the order provided in the list.
diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml
new file mode 100644
index 00000000000..5a188f0bf40
--- /dev/null
+++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml
@@ -0,0 +1,211 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: images.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Image + listKind: ImageList + plural: images + singular: image + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Image governs policies related to imagestream imports and runtime + configuration for external registries. It allows cluster admins to configure + which registries OpenShift is allowed to import images from, extra CA trust + bundles for external registries, and policies to block or allow registry + hostnames. When exposing OpenShift's image registry to the public, this + also lets cluster admins specify the external hostname. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + additionalTrustedCA: + description: additionalTrustedCA is a reference to a ConfigMap containing + additional CAs that should be trusted during imagestream import, + pod image pull, build image pull, and imageregistry pullthrough. + The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + allowedRegistriesForImport: + description: allowedRegistriesForImport limits the container image + registries that normal users may import images from. Set this list + to the registries that you trust to contain valid Docker images + and that you want applications to be able to import from. Users + with permission to create Images or ImageStreamMappings via the + API are not affected by this policy - typically only administrators + or system integrations will have those permissions. + items: + description: RegistryLocation contains a location of the registry + specified by the registry domain name. The domain name might include + wildcards, like '*' or '??'. + properties: + domainName: + description: domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the + port should be included in the domain name as well. + type: string + insecure: + description: insecure indicates whether the registry is secure + (https) or insecure (http) By default (if not specified) the + registry is assumed as secure. + type: boolean + type: object + type: array + x-kubernetes-list-type: atomic + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. 
The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: 'imageStreamImportMode controls the import mode behaviour + of imagestreams. It can be set to `Legacy` or `PreserveOriginal` + or the empty string. If this value is specified, this setting is + applied to all newly created imagestreams which do not have the + value set. `Legacy` indicates that the legacy behaviour should be + used. For manifest lists, the legacy behaviour will discard the + manifest list and import a single sub-manifest. In this case, the + platform is chosen in the following order of priority: 1. tag annotations; + 2. control plane arch/os; 3. linux/amd64; 4. the first manifest + in the list. `PreserveOriginal` indicates that the original manifest + will be preserved. For manifest lists, the manifest list and all + its sub-manifests will be imported. When empty, the behaviour will + be decided based on the payload type advertised by the ClusterVersion + status, i.e single arch payload implies the import mode is Legacy + and multi payload implies PreserveOriginal.' + enum: + - "" + - Legacy + - PreserveOriginal + type: string + registrySources: + description: registrySources contains configuration that determines + how the container runtime should treat individual registries when + accessing images for builds+pods. (e.g. whether or not to allow + insecure access). It does not contain configuration for the internal + cluster registry. + properties: + allowedRegistries: + description: "allowedRegistries are the only registries permitted + for image pull and push actions. All other registries are denied. + \n Only one of BlockedRegistries or AllowedRegistries may be + set." 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + blockedRegistries: + description: "blockedRegistries cannot be used for image pull + and push actions. All other registries are permitted. \n Only + one of BlockedRegistries or AllowedRegistries may be set." + items: + type: string + type: array + x-kubernetes-list-type: atomic + containerRuntimeSearchRegistries: + description: 'containerRuntimeSearchRegistries are registries + that will be searched when pulling images that do not have fully + qualified domains in their pull specs. Registries will be searched + in the order provided in the list. Note: this search list only + works with the container runtime, i.e CRI-O. Will NOT work with + builds or imagestream imports.' + format: hostname + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: 'imageStreamImportMode controls the import mode behaviour + of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` + indicates that the legacy behaviour should be used. For manifest + lists, the legacy behaviour will discard the manifest list and import + a single sub-manifest. 
In this case, the platform is chosen in the + following order of priority: 1. tag annotations; 2. control plane + arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` + indicates that the original manifest will be preserved. For manifest + lists, the manifest list and all its sub-manifests will be imported. + This value will be reconciled based on either the spec value or + if no spec value is specified, the image registry operator would + look at the ClusterVersion status to determine the payload type + and set the import mode accordingly, i.e single arch payload implies + the import mode is Legacy and multi payload implies PreserveOriginal.' + enum: + - "" + - Legacy + - PreserveOriginal + type: string + internalRegistryHostname: + description: internalRegistryHostname sets the hostname for the default + internal image registry. The value must be in "hostname[:port]" + format. This value is set by the image registry operator which controls + the internal registry hostname. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml similarity index 96% rename from config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml rename to config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml index 9c4ff628f79..0b62838deeb 100644 --- a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images.crd.yaml +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-Default.crd.yaml 
@@ -7,6 +7,7 @@ metadata: include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: Default name: images.config.openshift.io spec: group: config.openshift.io @@ -82,6 +83,7 @@ spec: type: boolean type: object type: array + x-kubernetes-list-type: atomic externalRegistryHostnames: description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should @@ -91,6 +93,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic registrySources: description: registrySources contains configuration that determines how the container runtime should treat individual registries when @@ -106,6 +109,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic blockedRegistries: description: "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. \n Only @@ -113,6 +117,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic containerRuntimeSearchRegistries: description: 'containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully @@ -132,6 +137,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object type: object status: @@ -147,6 +153,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic internalRegistryHostname: description: internalRegistryHostname sets the hostname for the default internal image registry. The value must be in "hostname[:port]" diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..dcd2e2f8e31 --- /dev/null 
+++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,211 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: images.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Image + listKind: ImageList + plural: images + singular: image + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Image governs policies related to imagestream imports and runtime + configuration for external registries. It allows cluster admins to configure + which registries OpenShift is allowed to import images from, extra CA trust + bundles for external registries, and policies to block or allow registry + hostnames. When exposing OpenShift's image registry to the public, this + also lets cluster admins specify the external hostname. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + additionalTrustedCA: + description: additionalTrustedCA is a reference to a ConfigMap containing + additional CAs that should be trusted during imagestream import, + pod image pull, build image pull, and imageregistry pullthrough. + The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + allowedRegistriesForImport: + description: allowedRegistriesForImport limits the container image + registries that normal users may import images from. Set this list + to the registries that you trust to contain valid Docker images + and that you want applications to be able to import from. Users + with permission to create Images or ImageStreamMappings via the + API are not affected by this policy - typically only administrators + or system integrations will have those permissions. + items: + description: RegistryLocation contains a location of the registry + specified by the registry domain name. The domain name might include + wildcards, like '*' or '??'. + properties: + domainName: + description: domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the + port should be included in the domain name as well. + type: string + insecure: + description: insecure indicates whether the registry is secure + (https) or insecure (http) By default (if not specified) the + registry is assumed as secure. + type: boolean + type: object + type: array + x-kubernetes-list-type: atomic + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. 
The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: 'imageStreamImportMode controls the import mode behaviour + of imagestreams. It can be set to `Legacy` or `PreserveOriginal` + or the empty string. If this value is specified, this setting is + applied to all newly created imagestreams which do not have the + value set. `Legacy` indicates that the legacy behaviour should be + used. For manifest lists, the legacy behaviour will discard the + manifest list and import a single sub-manifest. In this case, the + platform is chosen in the following order of priority: 1. tag annotations; + 2. control plane arch/os; 3. linux/amd64; 4. the first manifest + in the list. `PreserveOriginal` indicates that the original manifest + will be preserved. For manifest lists, the manifest list and all + its sub-manifests will be imported. When empty, the behaviour will + be decided based on the payload type advertised by the ClusterVersion + status, i.e single arch payload implies the import mode is Legacy + and multi payload implies PreserveOriginal.' + enum: + - "" + - Legacy + - PreserveOriginal + type: string + registrySources: + description: registrySources contains configuration that determines + how the container runtime should treat individual registries when + accessing images for builds+pods. (e.g. whether or not to allow + insecure access). It does not contain configuration for the internal + cluster registry. + properties: + allowedRegistries: + description: "allowedRegistries are the only registries permitted + for image pull and push actions. All other registries are denied. + \n Only one of BlockedRegistries or AllowedRegistries may be + set." 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + blockedRegistries: + description: "blockedRegistries cannot be used for image pull + and push actions. All other registries are permitted. \n Only + one of BlockedRegistries or AllowedRegistries may be set." + items: + type: string + type: array + x-kubernetes-list-type: atomic + containerRuntimeSearchRegistries: + description: 'containerRuntimeSearchRegistries are registries + that will be searched when pulling images that do not have fully + qualified domains in their pull specs. Registries will be searched + in the order provided in the list. Note: this search list only + works with the container runtime, i.e CRI-O. Will NOT work with + builds or imagestream imports.' + format: hostname + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: 'imageStreamImportMode controls the import mode behaviour + of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` + indicates that the legacy behaviour should be used. For manifest + lists, the legacy behaviour will discard the manifest list and import + a single sub-manifest. 
In this case, the platform is chosen in the + following order of priority: 1. tag annotations; 2. control plane + arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` + indicates that the original manifest will be preserved. For manifest + lists, the manifest list and all its sub-manifests will be imported. + This value will be reconciled based on either the spec value or + if no spec value is specified, the image registry operator would + look at the ClusterVersion status to determine the payload type + and set the import mode accordingly, i.e single arch payload implies + the import mode is Legacy and multi payload implies PreserveOriginal.' + enum: + - "" + - Legacy + - PreserveOriginal + type: string + internalRegistryHostname: + description: internalRegistryHostname sets the hostname for the default + internal image registry. The value must be in "hostname[:port]" + format. This value is set by the image registry operator which controls + the internal registry hostname. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..a733a86f0f5 --- /dev/null +++ b/config/v1/zz_generated.crd-manifests/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,211 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: images.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Image + listKind: ImageList + plural: images + singular: image + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Image governs policies related to imagestream imports and runtime + configuration for external registries. It allows cluster admins to configure + which registries OpenShift is allowed to import images from, extra CA trust + bundles for external registries, and policies to block or allow registry + hostnames. When exposing OpenShift's image registry to the public, this + also lets cluster admins specify the external hostname. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + additionalTrustedCA: + description: additionalTrustedCA is a reference to a ConfigMap containing + additional CAs that should be trusted during imagestream import, + pod image pull, build image pull, and imageregistry pullthrough. + The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + allowedRegistriesForImport: + description: allowedRegistriesForImport limits the container image + registries that normal users may import images from. Set this list + to the registries that you trust to contain valid Docker images + and that you want applications to be able to import from. Users + with permission to create Images or ImageStreamMappings via the + API are not affected by this policy - typically only administrators + or system integrations will have those permissions. + items: + description: RegistryLocation contains a location of the registry + specified by the registry domain name. The domain name might include + wildcards, like '*' or '??'. + properties: + domainName: + description: domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the + port should be included in the domain name as well. + type: string + insecure: + description: insecure indicates whether the registry is secure + (https) or insecure (http) By default (if not specified) the + registry is assumed as secure. + type: boolean + type: object + type: array + x-kubernetes-list-type: atomic + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. 
The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: 'imageStreamImportMode controls the import mode behaviour + of imagestreams. It can be set to `Legacy` or `PreserveOriginal` + or the empty string. If this value is specified, this setting is + applied to all newly created imagestreams which do not have the + value set. `Legacy` indicates that the legacy behaviour should be + used. For manifest lists, the legacy behaviour will discard the + manifest list and import a single sub-manifest. In this case, the + platform is chosen in the following order of priority: 1. tag annotations; + 2. control plane arch/os; 3. linux/amd64; 4. the first manifest + in the list. `PreserveOriginal` indicates that the original manifest + will be preserved. For manifest lists, the manifest list and all + its sub-manifests will be imported. When empty, the behaviour will + be decided based on the payload type advertised by the ClusterVersion + status, i.e single arch payload implies the import mode is Legacy + and multi payload implies PreserveOriginal.' + enum: + - "" + - Legacy + - PreserveOriginal + type: string + registrySources: + description: registrySources contains configuration that determines + how the container runtime should treat individual registries when + accessing images for builds+pods. (e.g. whether or not to allow + insecure access). It does not contain configuration for the internal + cluster registry. + properties: + allowedRegistries: + description: "allowedRegistries are the only registries permitted + for image pull and push actions. All other registries are denied. + \n Only one of BlockedRegistries or AllowedRegistries may be + set." 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + blockedRegistries: + description: "blockedRegistries cannot be used for image pull + and push actions. All other registries are permitted. \n Only + one of BlockedRegistries or AllowedRegistries may be set." + items: + type: string + type: array + x-kubernetes-list-type: atomic + containerRuntimeSearchRegistries: + description: 'containerRuntimeSearchRegistries are registries + that will be searched when pulling images that do not have fully + qualified domains in their pull specs. Registries will be searched + in the order provided in the list. Note: this search list only + works with the container runtime, i.e CRI-O. Will NOT work with + builds or imagestream imports.' + format: hostname + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: 'imageStreamImportMode controls the import mode behaviour + of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` + indicates that the legacy behaviour should be used. For manifest + lists, the legacy behaviour will discard the manifest list and import + a single sub-manifest. 
In this case, the platform is chosen in the + following order of priority: 1. tag annotations; 2. control plane + arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` + indicates that the original manifest will be preserved. For manifest + lists, the manifest list and all its sub-manifests will be imported. + This value will be reconciled based on either the spec value or + if no spec value is specified, the image registry operator would + look at the ClusterVersion status to determine the payload type + and set the import mode accordingly, i.e single arch payload implies + the import mode is Legacy and multi payload implies PreserveOriginal.' + enum: + - "" + - Legacy + - PreserveOriginal + type: string + internalRegistryHostname: + description: internalRegistryHostname sets the hostname for the default + internal image registry. The value must be in "hostname[:port]" + format. This value is set by the image registry operator which controls + the internal registry hostname. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/v1/zz_generated.featuregated-crd-manifests.yaml b/config/v1/zz_generated.featuregated-crd-manifests.yaml index ddc7594f75f..8f390a988c1 100644 --- a/config/v1/zz_generated.featuregated-crd-manifests.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests.yaml @@ -218,7 +218,8 @@ images.config.openshift.io: CRDName: images.config.openshift.io Capability: "" Category: "" - FeatureGates: [] + FeatureGates: + - ImageStreamImportMode FilenameOperatorName: config-operator FilenameOperatorOrdering: "01" FilenameRunLevel: "0000_10" diff --git a/config/v1/zz_generated.featuregated-crd-manifests/images.config.openshift.io/AAA_ungated.yaml b/config/v1/zz_generated.featuregated-crd-manifests/images.config.openshift.io/AAA_ungated.yaml index f04ef15785d..97b42cc2ffb 100644 
--- a/config/v1/zz_generated.featuregated-crd-manifests/images.config.openshift.io/AAA_ungated.yaml +++ b/config/v1/zz_generated.featuregated-crd-manifests/images.config.openshift.io/AAA_ungated.yaml @@ -83,6 +83,7 @@ spec: type: boolean type: object type: array + x-kubernetes-list-type: atomic externalRegistryHostnames: description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should @@ -92,6 +93,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic registrySources: description: registrySources contains configuration that determines how the container runtime should treat individual registries when @@ -107,6 +109,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic blockedRegistries: description: "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. \n Only @@ -114,6 +117,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic containerRuntimeSearchRegistries: description: 'containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully @@ -133,6 +137,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object type: object status: @@ -148,6 +153,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic internalRegistryHostname: description: internalRegistryHostname sets the hostname for the default internal image registry. The value must be in "hostname[:port]" diff --git a/config/v1/zz_generated.featuregated-crd-manifests/images.config.openshift.io/ImageStreamImportMode.yaml b/config/v1/zz_generated.featuregated-crd-manifests/images.config.openshift.io/ImageStreamImportMode.yaml new file mode 100644 index 00000000000..50d787d0e41 --- /dev/null +++ b/config/v1/zz_generated.featuregated-crd-manifests/images.config.openshift.io/ImageStreamImportMode.yaml 
@@ -0,0 +1,211 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/filename-cvo-runlevel: "0000_10" + api.openshift.io/filename-operator: config-operator + api.openshift.io/filename-ordering: "01" + feature-gate.release.openshift.io/ImageStreamImportMode: "true" + release.openshift.io/bootstrap-required: "true" + name: images.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Image + listKind: ImageList + plural: images + singular: image + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Image governs policies related to imagestream imports and runtime + configuration for external registries. It allows cluster admins to configure + which registries OpenShift is allowed to import images from, extra CA trust + bundles for external registries, and policies to block or allow registry + hostnames. When exposing OpenShift's image registry to the public, this + also lets cluster admins specify the external hostname. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + additionalTrustedCA: + description: additionalTrustedCA is a reference to a ConfigMap containing + additional CAs that should be trusted during imagestream import, + pod image pull, build image pull, and imageregistry pullthrough. + The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + allowedRegistriesForImport: + description: allowedRegistriesForImport limits the container image + registries that normal users may import images from. Set this list + to the registries that you trust to contain valid Docker images + and that you want applications to be able to import from. Users + with permission to create Images or ImageStreamMappings via the + API are not affected by this policy - typically only administrators + or system integrations will have those permissions. + items: + description: RegistryLocation contains a location of the registry + specified by the registry domain name. The domain name might include + wildcards, like '*' or '??'. + properties: + domainName: + description: domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the + port should be included in the domain name as well. + type: string + insecure: + description: insecure indicates whether the registry is secure + (https) or insecure (http) By default (if not specified) the + registry is assumed as secure. + type: boolean + type: object + type: array + x-kubernetes-list-type: atomic + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. 
The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: 'imageStreamImportMode controls the import mode behaviour + of imagestreams. It can be set to `Legacy` or `PreserveOriginal` + or the empty string. If this value is specified, this setting is + applied to all newly created imagestreams which do not have the + value set. `Legacy` indicates that the legacy behaviour should be + used. For manifest lists, the legacy behaviour will discard the + manifest list and import a single sub-manifest. In this case, the + platform is chosen in the following order of priority: 1. tag annotations; + 2. control plane arch/os; 3. linux/amd64; 4. the first manifest + in the list. `PreserveOriginal` indicates that the original manifest + will be preserved. For manifest lists, the manifest list and all + its sub-manifests will be imported. When empty, the behaviour will + be decided based on the payload type advertised by the ClusterVersion + status, i.e single arch payload implies the import mode is Legacy + and multi payload implies PreserveOriginal.' + enum: + - "" + - Legacy + - PreserveOriginal + type: string + registrySources: + description: registrySources contains configuration that determines + how the container runtime should treat individual registries when + accessing images for builds+pods. (e.g. whether or not to allow + insecure access). It does not contain configuration for the internal + cluster registry. + properties: + allowedRegistries: + description: "allowedRegistries are the only registries permitted + for image pull and push actions. All other registries are denied. + \n Only one of BlockedRegistries or AllowedRegistries may be + set." 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + blockedRegistries: + description: "blockedRegistries cannot be used for image pull + and push actions. All other registries are permitted. \n Only + one of BlockedRegistries or AllowedRegistries may be set." + items: + type: string + type: array + x-kubernetes-list-type: atomic + containerRuntimeSearchRegistries: + description: 'containerRuntimeSearchRegistries are registries + that will be searched when pulling images that do not have fully + qualified domains in their pull specs. Registries will be searched + in the order provided in the list. Note: this search list only + works with the container runtime, i.e CRI-O. Will NOT work with + builds or imagestream imports.' + format: hostname + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: 'imageStreamImportMode controls the import mode behaviour + of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` + indicates that the legacy behaviour should be used. For manifest + lists, the legacy behaviour will discard the manifest list and import + a single sub-manifest. 
In this case, the platform is chosen in the + following order of priority: 1. tag annotations; 2. control plane + arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` + indicates that the original manifest will be preserved. For manifest + lists, the manifest list and all its sub-manifests will be imported. + This value will be reconciled based on either the spec value or + if no spec value is specified, the image registry operator would + look at the ClusterVersion status to determine the payload type + and set the import mode accordingly, i.e single arch payload implies + the import mode is Legacy and multi payload implies PreserveOriginal.' + enum: + - "" + - Legacy + - PreserveOriginal + type: string + internalRegistryHostname: + description: internalRegistryHostname sets the hostname for the default + internal image registry. The value must be in "hostname[:port]" + format. This value is set by the image registry operator which controls + the internal registry hostname. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/v1/zz_generated.swagger_doc_generated.go b/config/v1/zz_generated.swagger_doc_generated.go index e5e9bdb897d..15311b0b3e1 100644 --- a/config/v1/zz_generated.swagger_doc_generated.go +++ b/config/v1/zz_generated.swagger_doc_generated.go 
@@ -1016,6 +1016,7 @@ var map_ImageSpec = map[string]string{ "externalRegistryHostnames": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", "additionalTrustedCA": "additionalTrustedCA is a reference to a ConfigMap containing additional CAs that should be trusted during imagestream import, pod image pull, build image pull, and imageregistry pullthrough. The namespace for this config map is openshift-config.", "registrySources": "registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. whether or not to allow insecure access). It does not contain configuration for the internal cluster registry.", + "imageStreamImportMode": "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. 
When empty, the behaviour will be decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.", } func (ImageSpec) SwaggerDoc() map[string]string { 
@@ -1025,6 +1026,7 @@ func (ImageSpec) SwaggerDoc() map[string]string { var map_ImageStatus = map[string]string{ "internalRegistryHostname": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format. This value is set by the image registry operator which controls the internal registry hostname.", "externalRegistryHostnames": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", + "imageStreamImportMode": "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. This value will be reconciled based on either the spec value or if no spec value is specified, the image registry operator would look at the ClusterVersion status to determine the payload type and set the import mode accordingly, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.", } func (ImageStatus) SwaggerDoc() map[string]string { diff --git a/features.md b/features.md index 0d92fce594b..04afce6fd94 100644 --- a/features.md +++ b/features.md 
@@ -19,6 +19,7 @@ | Example| | | Enabled | Enabled | Enabled | Enabled | | ExternalRouteCertificate| | | Enabled | Enabled | Enabled | Enabled | | GCPClusterHostedDNS| | | Enabled | Enabled | Enabled | Enabled | +| ImageStreamImportMode| | | Enabled | Enabled | Enabled | Enabled | | InsightsConfig| | | Enabled | Enabled | Enabled | Enabled | | InsightsConfigAPI| | | Enabled | Enabled | Enabled | Enabled | | InsightsOnDemandDataGather| | | Enabled | Enabled | Enabled | Enabled | diff --git a/features/features.go b/features/features.go index 2cf4b1a950b..b796945b1e4 100644 --- a/features/features.go +++ b/features/features.go @@ -618,4 +618,10 @@ var ( productScope(ocpSpecific). enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). mustRegister() + FeatureGateImageStreamImportMode = newFeatureGate("ImageStreamImportMode"). + reportProblemsToJiraComponent("Multi-Arch"). + contactPerson("psundara"). + productScope(ocpSpecific). + enableIn(configv1.DevPreviewNoUpgrade, configv1.TechPreviewNoUpgrade). + mustRegister() ) diff --git a/image/v1/tests/AAA_ungated.yaml b/image/v1/tests/AAA_ungated.yaml new file mode 100644 index 00000000000..f4a3ac8a5e9 --- /dev/null +++ b/image/v1/tests/AAA_ungated.yaml @@ -0,0 +1,14 @@ +apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this +name: "Image" +crdName: images.config.openshift.io +tests: + onCreate: + - name: Should be able to create a minimal Image config + initial: | + apiVersion: config.openshift.io/v1 + kind: Image + spec: {} + expected: | + apiVersion: config.openshift.io/v1 + kind: Image + spec: {} diff --git a/image/v1/tests/ImageStreamImportMode.yaml b/image/v1/tests/ImageStreamImportMode.yaml new file mode 100644 index 00000000000..8b549133fec --- /dev/null +++ b/image/v1/tests/ImageStreamImportMode.yaml 
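Review bot: `crdName: images.config.openshift.io` in the new image/v1/tests/AAA_ungated.yaml names a config.openshift.io CRD, yet the file sits under image/v1, the package for the image.openshift.io group, so depending on how the harness discovers suites this one is either never run or is run against the wrong package's manifests. Presumably it is a stray copy of the config/v1 suite for the same CRD, since the only case it contains is the generic minimal-Image creation; if so, delete image/v1/tests/AAA_ungated.yaml (and its sibling ImageStreamImportMode.yaml in that directory) rather than keep two suites that will drift apart. If the location is deliberate, add a comment beside `crdName:` explaining why this suite lives outside config/v1/tests/images.config.openshift.io/.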
@@ -0,0 +1,55 @@
+apiVersion: apiextensions.k8s.io/v1 # Hack because controller-gen complains if we don't have this
+name: "Image"
+crdName: images.config.openshift.io
+featureGate: ImageStreamImportMode
+tests:
+ onCreate:
+ - name: Should be able to create a minimal Image config
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec: {}
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec: {}
+ - name: Should be able to configure imageStreamImportMode to Legacy
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec:
+ imageStreamImportMode: Legacy
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec:
+ imageStreamImportMode: Legacy
+ - name: Should be able to configure imageStreamImportMode to PreserveOriginal
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec:
+ imageStreamImportMode: PreserveOriginal
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec:
+ imageStreamImportMode: PreserveOriginal
+ - name: Should not be able to configure imageStreamImportMode to a value other than Legacy or PreserveOriginal
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec:
+ imageStreamImportMode: InvalidValue
+ expectedError: 'spec.imageStreamImportMode: Unsupported value: "InvalidValue": supported values: "", "Legacy", "PreserveOriginal"'
+ - name: Should be able to configure imageStreamImportMode to empty string
+ initial: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec:
+ imageStreamImportMode: ""
+ expected: |
+ apiVersion: config.openshift.io/v1
+ kind: Image
+ spec:
+ imageStreamImportMode: ""
diff --git a/openapi/generated_openapi/zz_generated.openapi.go b/openapi/generated_openapi/zz_generated.openapi.go
index b126610f2e1..056c0c32439
--- a/openapi/generated_openapi/zz_generated.openapi.go
+++ b/openapi/generated_openapi/zz_generated.openapi.go
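Review bot: The suite exercises only spec.imageStreamImportMode, while the same three-value enum is also declared on status.imageStreamImportMode in the generated CRD, the field the operator writes and that consumers read, and nothing here checks that the status schema rejects out-of-range values. If the harness supports onUpdate cases that touch the status subresource, add one that sets `status: {imageStreamImportMode: InvalidValue}` and expects `status.imageStreamImportMode: Unsupported value: "InvalidValue": supported values: "", "Legacy", "PreserveOriginal"`, mirroring the spec negative case. The negative and empty-string cases for spec are good; consider also a comment on the empty-string case noting that "" is accepted deliberately so that the cluster-payload-derived default applies, since that intent is not obvious from the test name alone.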
@@ -13677,6 +13677,11 @@ func schema_openshift_api_config_v1_ImageSpec(ref common.ReferenceCallback) comm Type: []string{"object"}, Properties: map[string]spec.Schema{ "allowedRegistriesForImport": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "allowedRegistriesForImport limits the container image registries that normal users may import images from. Set this list to the registries that you trust to contain valid Docker images and that you want applications to be able to import from. Users with permission to create Images or ImageStreamMappings via the API are not affected by this policy - typically only administrators or system integrations will have those permissions.", Type: []string{"array"}, @@ -13691,6 +13696,11 @@ func schema_openshift_api_config_v1_ImageSpec(ref common.ReferenceCallback) comm }, }, "externalRegistryHostnames": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", Type: []string{"array"}, 
@@ -13719,6 +13729,15 @@ func schema_openshift_api_config_v1_ImageSpec(ref common.ReferenceCallback) comm Ref: ref("github.com/openshift/api/config/v1.RegistrySources"), }, }, + "imageStreamImportMode": { + SchemaProps: spec.SchemaProps{ + Description: "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", + Default: "", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"Legacy", "PreserveOriginal"}, + }, + }, }, }, }, 
@@ -13741,6 +13760,11 @@ func schema_openshift_api_config_v1_ImageStatus(ref common.ReferenceCallback) co }, }, "externalRegistryHostnames": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", Type: []string{"array"}, 
@@ -13755,6 +13779,14 @@ func schema_openshift_api_config_v1_ImageStatus(ref common.ReferenceCallback) co }, }, }, + "imageStreamImportMode": { + SchemaProps: spec.SchemaProps{ + Description: "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. This value will be reconciled based on either the spec value or if no spec value is specified, the image registry operator would look at the ClusterVersion status to determine the payload type and set the import mode accordingly, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"Legacy", "PreserveOriginal"}, + }, + }, }, }, }, 
@@ -17926,6 +17958,11 @@ func schema_openshift_api_config_v1_RegistrySources(ref common.ReferenceCallback Type: []string{"object"}, Properties: map[string]spec.Schema{ "insecureRegistries": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "insecureRegistries are registries which do not have a valid TLS certificates or only support HTTP connections.", Type: []string{"array"}, @@ -17941,6 +17978,11 @@ func schema_openshift_api_config_v1_RegistrySources(ref common.ReferenceCallback }, }, "blockedRegistries": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", Type: []string{"array"}, @@ -17956,6 +17998,11 @@ func schema_openshift_api_config_v1_RegistrySources(ref common.ReferenceCallback }, }, "allowedRegistries": { + VendorExtensible: spec.VendorExtensible{ + Extensions: spec.Extensions{ + "x-kubernetes-list-type": "atomic", + }, + }, SchemaProps: spec.SchemaProps{ Description: "allowedRegistries are the only registries permitted for image pull and push actions. All other registries are denied.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", Type: []string{"array"}, 
@@ -43070,6 +43117,15 @@ func schema_openshift_api_openshiftcontrolplane_v1_ImagePolicyConfig(ref common. Format: "", }, }, + "imageStreamImportMode": { + SchemaProps: spec.SchemaProps{ + Description: "imageStreamImportMode provides the import mode value for imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", + Default: "", + Type: []string{"string"}, + Format: "", + Enum: []interface{}{"Legacy", "PreserveOriginal"}, + }, + }, }, Required: []string{"maxImagesBulkImportedPerRepository", "allowedRegistriesForImport", "internalRegistryHostname", "externalRegistryHostnames", "additionalTrustedCA"}, }, diff --git a/openapi/openapi.json b/openapi/openapi.json index 952aa630ea1..93c53a884fd 100644 --- a/openapi/openapi.json +++ b/openapi/openapi.json 
@@ -7206,7 +7206,8 @@ "items": { "default": {}, "$ref": "#/definitions/com.github.openshift.api.config.v1.RegistryLocation" - } + }, + "x-kubernetes-list-type": "atomic" }, "externalRegistryHostnames": { "description": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", 
@@ -7214,7 +7215,17 @@ "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" + }, + "imageStreamImportMode": { + "description": "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be set to `Legacy` or `PreserveOriginal` or the empty string. If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. When empty, the behaviour will be decided based on the payload type advertised by the ClusterVersion status, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", + "type": "string", + "default": "", + "enum": [ + "Legacy", + "PreserveOriginal" + ] }, "registrySources": { "description": "registrySources contains configuration that determines how the container runtime should treat individual registries when accessing images for builds+pods. (e.g. 
whether or not to allow insecure access). It does not contain configuration for the internal cluster registry.", 
@@ -7232,7 +7243,16 @@ "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" + }, + "imageStreamImportMode": { + "description": "imageStreamImportMode controls the import mode behaviour of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported. This value will be reconciled based on either the spec value or if no spec value is specified, the image registry operator would look at the ClusterVersion status to determine the payload type and set the import mode accordingly, i.e single arch payload implies the import mode is Legacy and multi payload implies PreserveOriginal.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", + "type": "string", + "enum": [ + "Legacy", + "PreserveOriginal" + ] }, "internalRegistryHostname": { "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format. 
This value is set by the image registry operator which controls the internal registry hostname.", @@ -9666,7 +9686,8 @@ "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, "blockedRegistries": { "description": "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted.\n\nOnly one of BlockedRegistries or AllowedRegistries may be set.", @@ -9674,7 +9695,8 @@ "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" }, "containerRuntimeSearchRegistries": { "description": "containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully qualified domains in their pull specs. Registries will be searched in the order provided in the list. Note: this search list only works with the container runtime, i.e CRI-O. Will NOT work with builds or imagestream imports.", @@ -9691,7 +9713,8 @@ "items": { "type": "string", "default": "" - } + }, + "x-kubernetes-list-type": "atomic" } } }, 
@@ -24965,6 +24988,15 @@ "default": "" } }, + "imageStreamImportMode": { + "description": "imageStreamImportMode provides the import mode value for imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set.\n\nPossible enum values:\n - `\"Legacy\"` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. This mode is the default.\n - `\"PreserveOriginal\"` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.", + "type": "string", + "default": "", + "enum": [ + "Legacy", + "PreserveOriginal" + ] + }, "internalRegistryHostname": { "description": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", "type": "string", diff --git a/openshiftcontrolplane/v1/types.go b/openshiftcontrolplane/v1/types.go index f077f98ab07..33e3cf2912f 100644 --- a/openshiftcontrolplane/v1/types.go +++ b/openshiftcontrolplane/v1/types.go 
@@ -117,6 +117,23 @@ type RoutingConfig struct {
 	Subdomain string `json:"subdomain"`
 }
 
+// ImportModeType describes how to import an image manifest.
+// +enum
+// +kubebuilder:validation:Enum:="";Legacy;PreserveOriginal
+type ImportModeType string
+
+const (
+	// ImportModeLegacy indicates that the legacy behaviour should be used.
+	// For manifest lists, the legacy behaviour will discard the manifest list and import a single
+	// sub-manifest. In this case, the platform is chosen in the following order of priority:
+	// 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list.
+	// This mode is the default.
+	ImportModeLegacy ImportModeType = "Legacy"
+	// ImportModePreserveOriginal indicates that the original manifest will be preserved.
+	// For manifest lists, the manifest list and all its sub-manifests will be imported.
+	ImportModePreserveOriginal ImportModeType = "PreserveOriginal"
+)
+
 type ImagePolicyConfig struct {
 	// maxImagesBulkImportedPerRepository controls the number of images that are imported when a user
 	// does a bulk import of a container repository. This number is set low to prevent users from
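Review bot: The `+enum` marker on `ImportModeType` only enumerates the named constants, so the generated OpenAPI for the `ImagePolicyConfig` field (in this same diff) advertises `Enum: ["Legacy","PreserveOriginal"]` alongside `Default: ""`, while the `+kubebuilder:validation:Enum:="";Legacy;PreserveOriginal` marker one line above admits the empty string — a strict OpenAPI validator would reject the documented default. If the empty value is meaningful, give it a named constant so both generators agree, e.g. `// ImportModeUnset leaves the mode to be resolved by the controller.` followed by `ImportModeUnset ImportModeType = ""`; I believe kube-openapi collects every constant of the type, but confirm against the generator output. Separately, `This mode is the default.` on `ImportModeLegacy` contradicts the config/v1 description of the same setting in this diff, where an empty value is resolved from the ClusterVersion payload type and can yield `PreserveOriginal`, so drop the sentence or qualify it. This type is also a verbatim copy of `config/v1.ImportModeType`; if this package already imports config/v1, a type alias would keep the two from drifting.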
@@ -142,6 +159,19 @@ type ImagePolicyConfig struct {
 	// additionalTrustedCA is a path to a pem bundle file containing additional CAs that
 	// should be trusted during imagestream import.
 	AdditionalTrustedCA string `json:"additionalTrustedCA"`
+
+	// imageStreamImportMode provides the import mode value for imagestreams.
+	// It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour
+	// should be used. For manifest lists, the legacy behaviour will discard the manifest list
+	// and import a single sub-manifest. In this case, the platform is chosen in the following
+	// order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first
+	// manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved.
+	// For manifest lists, the manifest list and all its sub-manifests will be imported.If this value
+	// is specified, this setting is applied to all newly created imagestreams which do not have the
+	// value set.
+	// +openshift:enable:FeatureGate=ImageStreamImportMode
+	// +optional
+	ImageStreamImportMode ImportModeType `json:"imageStreamImportMode"`
 }
 
 // AllowedRegistries represents a list of registries allowed for the image import.
diff --git a/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go b/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go
index 25a9333bbf4..5162e46ba0c 100644
--- a/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go
+++ b/openshiftcontrolplane/v1/zz_generated.swagger_doc_generated.go
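Review bot: The new field comment never states what the empty (zero) value means, although the field is `+optional`, is serialized without `omitempty` (so every written config carries `"imageStreamImportMode": ""`), and the type's enum marker explicitly admits `""`. The config/v1 description of the same setting elsewhere in this diff defines empty as "decided from the payload type advertised by the ClusterVersion status"; whatever the apiserver actually does with an empty value here should be stated in this comment, e.g. `// When empty, the mode is left to the controller to resolve (see config/v1 Image.spec.imageStreamImportMode).` — presumably the same rule, but confirm with the consumer. There is also a missing space in `imported.If this value`, which is copied verbatim into the generated swagger and OpenAPI descriptions; change it to `imported. If this value`. The enclosing `ImagePolicyConfig` struct starts outside the hunk.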
@@ -114,6 +114,7 @@ var map_ImagePolicyConfig = map[string]string{ "internalRegistryHostname": "internalRegistryHostname sets the hostname for the default internal image registry. The value must be in \"hostname[:port]\" format.", "externalRegistryHostnames": "externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should be set only when the image registry is exposed externally. The first value is used in 'publicDockerImageRepository' field in ImageStreams. The value must be in \"hostname[:port]\" format.", "additionalTrustedCA": "additionalTrustedCA is a path to a pem bundle file containing additional CAs that should be trusted during imagestream import.", + "imageStreamImportMode": "imageStreamImportMode provides the import mode value for imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` indicates that the legacy behaviour should be used. For manifest lists, the legacy behaviour will discard the manifest list and import a single sub-manifest. In this case, the platform is chosen in the following order of priority: 1. tag annotations; 2. control plane arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` indicates that the original manifest will be preserved. For manifest lists, the manifest list and all its sub-manifests will be imported.If this value is specified, this setting is applied to all newly created imagestreams which do not have the value set.", } func (ImagePolicyConfig) SwaggerDoc() map[string]string { diff --git a/payload-manifests/crds/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml new file mode 100644 index 00000000000..5a188f0bf40 --- /dev/null +++ b/payload-manifests/crds/0000_10_config-operator_01_images-CustomNoUpgrade.crd.yaml 
@@ -0,0 +1,211 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: CustomNoUpgrade + name: images.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Image + listKind: ImageList + plural: images + singular: image + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Image governs policies related to imagestream imports and runtime + configuration for external registries. It allows cluster admins to configure + which registries OpenShift is allowed to import images from, extra CA trust + bundles for external registries, and policies to block or allow registry + hostnames. When exposing OpenShift's image registry to the public, this + also lets cluster admins specify the external hostname. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + additionalTrustedCA: + description: additionalTrustedCA is a reference to a ConfigMap containing + additional CAs that should be trusted during imagestream import, + pod image pull, build image pull, and imageregistry pullthrough. + The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + allowedRegistriesForImport: + description: allowedRegistriesForImport limits the container image + registries that normal users may import images from. Set this list + to the registries that you trust to contain valid Docker images + and that you want applications to be able to import from. Users + with permission to create Images or ImageStreamMappings via the + API are not affected by this policy - typically only administrators + or system integrations will have those permissions. + items: + description: RegistryLocation contains a location of the registry + specified by the registry domain name. The domain name might include + wildcards, like '*' or '??'. + properties: + domainName: + description: domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the + port should be included in the domain name as well. + type: string + insecure: + description: insecure indicates whether the registry is secure + (https) or insecure (http) By default (if not specified) the + registry is assumed as secure. + type: boolean + type: object + type: array + x-kubernetes-list-type: atomic + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. 
The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: 'imageStreamImportMode controls the import mode behaviour + of imagestreams. It can be set to `Legacy` or `PreserveOriginal` + or the empty string. If this value is specified, this setting is + applied to all newly created imagestreams which do not have the + value set. `Legacy` indicates that the legacy behaviour should be + used. For manifest lists, the legacy behaviour will discard the + manifest list and import a single sub-manifest. In this case, the + platform is chosen in the following order of priority: 1. tag annotations; + 2. control plane arch/os; 3. linux/amd64; 4. the first manifest + in the list. `PreserveOriginal` indicates that the original manifest + will be preserved. For manifest lists, the manifest list and all + its sub-manifests will be imported. When empty, the behaviour will + be decided based on the payload type advertised by the ClusterVersion + status, i.e single arch payload implies the import mode is Legacy + and multi payload implies PreserveOriginal.' + enum: + - "" + - Legacy + - PreserveOriginal + type: string + registrySources: + description: registrySources contains configuration that determines + how the container runtime should treat individual registries when + accessing images for builds+pods. (e.g. whether or not to allow + insecure access). It does not contain configuration for the internal + cluster registry. + properties: + allowedRegistries: + description: "allowedRegistries are the only registries permitted + for image pull and push actions. All other registries are denied. + \n Only one of BlockedRegistries or AllowedRegistries may be + set." 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + blockedRegistries: + description: "blockedRegistries cannot be used for image pull + and push actions. All other registries are permitted. \n Only + one of BlockedRegistries or AllowedRegistries may be set." + items: + type: string + type: array + x-kubernetes-list-type: atomic + containerRuntimeSearchRegistries: + description: 'containerRuntimeSearchRegistries are registries + that will be searched when pulling images that do not have fully + qualified domains in their pull specs. Registries will be searched + in the order provided in the list. Note: this search list only + works with the container runtime, i.e CRI-O. Will NOT work with + builds or imagestream imports.' + format: hostname + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: 'imageStreamImportMode controls the import mode behaviour + of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` + indicates that the legacy behaviour should be used. For manifest + lists, the legacy behaviour will discard the manifest list and import + a single sub-manifest. 
In this case, the platform is chosen in the + following order of priority: 1. tag annotations; 2. control plane + arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` + indicates that the original manifest will be preserved. For manifest + lists, the manifest list and all its sub-manifests will be imported. + This value will be reconciled based on either the spec value or + if no spec value is specified, the image registry operator would + look at the ClusterVersion status to determine the payload type + and set the import mode accordingly, i.e single arch payload implies + the import mode is Legacy and multi payload implies PreserveOriginal.' + enum: + - "" + - Legacy + - PreserveOriginal + type: string + internalRegistryHostname: + description: internalRegistryHostname sets the hostname for the default + internal image registry. The value must be in "hostname[:port]" + format. This value is set by the image registry operator which controls + the internal registry hostname. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/crds/0000_10_config-operator_01_images.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_images-Default.crd.yaml similarity index 96% rename from payload-manifests/crds/0000_10_config-operator_01_images.crd.yaml rename to payload-manifests/crds/0000_10_config-operator_01_images-Default.crd.yaml index 9c4ff628f79..0b62838deeb 100644 --- a/payload-manifests/crds/0000_10_config-operator_01_images.crd.yaml +++ b/payload-manifests/crds/0000_10_config-operator_01_images-Default.crd.yaml @@ -7,6 +7,7 @@ metadata: include.release.openshift.io/ibm-cloud-managed: "true" include.release.openshift.io/self-managed-high-availability: "true" release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: Default name: images.config.openshift.io spec: group: config.openshift.io 
@@ -82,6 +83,7 @@ spec: type: boolean type: object type: array + x-kubernetes-list-type: atomic externalRegistryHostnames: description: externalRegistryHostnames provides the hostnames for the default external image registry. The external hostname should @@ -91,6 +93,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic registrySources: description: registrySources contains configuration that determines how the container runtime should treat individual registries when @@ -106,6 +109,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic blockedRegistries: description: "blockedRegistries cannot be used for image pull and push actions. All other registries are permitted. \n Only @@ -113,6 +117,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic containerRuntimeSearchRegistries: description: 'containerRuntimeSearchRegistries are registries that will be searched when pulling images that do not have fully @@ -132,6 +137,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic type: object type: object status: @@ -147,6 +153,7 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic internalRegistryHostname: description: internalRegistryHostname sets the hostname for the default internal image registry. The value must be in "hostname[:port]" diff --git a/payload-manifests/crds/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..dcd2e2f8e31 --- /dev/null +++ b/payload-manifests/crds/0000_10_config-operator_01_images-DevPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,211 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: DevPreviewNoUpgrade + name: images.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Image + listKind: ImageList + plural: images + singular: image + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Image governs policies related to imagestream imports and runtime + configuration for external registries. It allows cluster admins to configure + which registries OpenShift is allowed to import images from, extra CA trust + bundles for external registries, and policies to block or allow registry + hostnames. When exposing OpenShift's image registry to the public, this + also lets cluster admins specify the external hostname. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + additionalTrustedCA: + description: additionalTrustedCA is a reference to a ConfigMap containing + additional CAs that should be trusted during imagestream import, + pod image pull, build image pull, and imageregistry pullthrough. + The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + allowedRegistriesForImport: + description: allowedRegistriesForImport limits the container image + registries that normal users may import images from. Set this list + to the registries that you trust to contain valid Docker images + and that you want applications to be able to import from. Users + with permission to create Images or ImageStreamMappings via the + API are not affected by this policy - typically only administrators + or system integrations will have those permissions. + items: + description: RegistryLocation contains a location of the registry + specified by the registry domain name. The domain name might include + wildcards, like '*' or '??'. + properties: + domainName: + description: domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the + port should be included in the domain name as well. + type: string + insecure: + description: insecure indicates whether the registry is secure + (https) or insecure (http) By default (if not specified) the + registry is assumed as secure. + type: boolean + type: object + type: array + x-kubernetes-list-type: atomic + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. 
The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: 'imageStreamImportMode controls the import mode behaviour + of imagestreams. It can be set to `Legacy` or `PreserveOriginal` + or the empty string. If this value is specified, this setting is + applied to all newly created imagestreams which do not have the + value set. `Legacy` indicates that the legacy behaviour should be + used. For manifest lists, the legacy behaviour will discard the + manifest list and import a single sub-manifest. In this case, the + platform is chosen in the following order of priority: 1. tag annotations; + 2. control plane arch/os; 3. linux/amd64; 4. the first manifest + in the list. `PreserveOriginal` indicates that the original manifest + will be preserved. For manifest lists, the manifest list and all + its sub-manifests will be imported. When empty, the behaviour will + be decided based on the payload type advertised by the ClusterVersion + status, i.e single arch payload implies the import mode is Legacy + and multi payload implies PreserveOriginal.' + enum: + - "" + - Legacy + - PreserveOriginal + type: string + registrySources: + description: registrySources contains configuration that determines + how the container runtime should treat individual registries when + accessing images for builds+pods. (e.g. whether or not to allow + insecure access). It does not contain configuration for the internal + cluster registry. + properties: + allowedRegistries: + description: "allowedRegistries are the only registries permitted + for image pull and push actions. All other registries are denied. + \n Only one of BlockedRegistries or AllowedRegistries may be + set." 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + blockedRegistries: + description: "blockedRegistries cannot be used for image pull + and push actions. All other registries are permitted. \n Only + one of BlockedRegistries or AllowedRegistries may be set." + items: + type: string + type: array + x-kubernetes-list-type: atomic + containerRuntimeSearchRegistries: + description: 'containerRuntimeSearchRegistries are registries + that will be searched when pulling images that do not have fully + qualified domains in their pull specs. Registries will be searched + in the order provided in the list. Note: this search list only + works with the container runtime, i.e CRI-O. Will NOT work with + builds or imagestream imports.' + format: hostname + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: 'imageStreamImportMode controls the import mode behaviour + of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` + indicates that the legacy behaviour should be used. For manifest + lists, the legacy behaviour will discard the manifest list and import + a single sub-manifest. 
In this case, the platform is chosen in the + following order of priority: 1. tag annotations; 2. control plane + arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` + indicates that the original manifest will be preserved. For manifest + lists, the manifest list and all its sub-manifests will be imported. + This value will be reconciled based on either the spec value or + if no spec value is specified, the image registry operator would + look at the ClusterVersion status to determine the payload type + and set the import mode accordingly, i.e single arch payload implies + the import mode is Legacy and multi payload implies PreserveOriginal.' + enum: + - "" + - Legacy + - PreserveOriginal + type: string + internalRegistryHostname: + description: internalRegistryHostname sets the hostname for the default + internal image registry. The value must be in "hostname[:port]" + format. This value is set by the image registry operator which controls + the internal registry hostname. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/crds/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml b/payload-manifests/crds/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml new file mode 100644 index 00000000000..a733a86f0f5 --- /dev/null +++ b/payload-manifests/crds/0000_10_config-operator_01_images-TechPreviewNoUpgrade.crd.yaml 
@@ -0,0 +1,211 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + api-approved.openshift.io: https://github.com/openshift/api/pull/470 + api.openshift.io/merged-by-featuregates: "true" + include.release.openshift.io/ibm-cloud-managed: "true" + include.release.openshift.io/self-managed-high-availability: "true" + release.openshift.io/bootstrap-required: "true" + release.openshift.io/feature-set: TechPreviewNoUpgrade + name: images.config.openshift.io +spec: + group: config.openshift.io + names: + kind: Image + listKind: ImageList + plural: images + singular: image + scope: Cluster + versions: + - name: v1 + schema: + openAPIV3Schema: + description: "Image governs policies related to imagestream imports and runtime + configuration for external registries. It allows cluster admins to configure + which registries OpenShift is allowed to import images from, extra CA trust + bundles for external registries, and policies to block or allow registry + hostnames. When exposing OpenShift's image registry to the public, this + also lets cluster admins specify the external hostname. \n Compatibility + level 1: Stable within a major release for a minimum of 12 months or 3 minor + releases (whichever is longer)." + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. 
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: spec holds user settable values for configuration + properties: + additionalTrustedCA: + description: additionalTrustedCA is a reference to a ConfigMap containing + additional CAs that should be trusted during imagestream import, + pod image pull, build image pull, and imageregistry pullthrough. + The namespace for this config map is openshift-config. + properties: + name: + description: name is the metadata.name of the referenced config + map + type: string + required: + - name + type: object + allowedRegistriesForImport: + description: allowedRegistriesForImport limits the container image + registries that normal users may import images from. Set this list + to the registries that you trust to contain valid Docker images + and that you want applications to be able to import from. Users + with permission to create Images or ImageStreamMappings via the + API are not affected by this policy - typically only administrators + or system integrations will have those permissions. + items: + description: RegistryLocation contains a location of the registry + specified by the registry domain name. The domain name might include + wildcards, like '*' or '??'. + properties: + domainName: + description: domainName specifies a domain name for the registry + In case the registry use non-standard (80 or 443) port, the + port should be included in the domain name as well. + type: string + insecure: + description: insecure indicates whether the registry is secure + (https) or insecure (http) By default (if not specified) the + registry is assumed as secure. + type: boolean + type: object + type: array + x-kubernetes-list-type: atomic + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. 
The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: 'imageStreamImportMode controls the import mode behaviour + of imagestreams. It can be set to `Legacy` or `PreserveOriginal` + or the empty string. If this value is specified, this setting is + applied to all newly created imagestreams which do not have the + value set. `Legacy` indicates that the legacy behaviour should be + used. For manifest lists, the legacy behaviour will discard the + manifest list and import a single sub-manifest. In this case, the + platform is chosen in the following order of priority: 1. tag annotations; + 2. control plane arch/os; 3. linux/amd64; 4. the first manifest + in the list. `PreserveOriginal` indicates that the original manifest + will be preserved. For manifest lists, the manifest list and all + its sub-manifests will be imported. When empty, the behaviour will + be decided based on the payload type advertised by the ClusterVersion + status, i.e single arch payload implies the import mode is Legacy + and multi payload implies PreserveOriginal.' + enum: + - "" + - Legacy + - PreserveOriginal + type: string + registrySources: + description: registrySources contains configuration that determines + how the container runtime should treat individual registries when + accessing images for builds+pods. (e.g. whether or not to allow + insecure access). It does not contain configuration for the internal + cluster registry. + properties: + allowedRegistries: + description: "allowedRegistries are the only registries permitted + for image pull and push actions. All other registries are denied. + \n Only one of BlockedRegistries or AllowedRegistries may be + set." 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + blockedRegistries: + description: "blockedRegistries cannot be used for image pull + and push actions. All other registries are permitted. \n Only + one of BlockedRegistries or AllowedRegistries may be set." + items: + type: string + type: array + x-kubernetes-list-type: atomic + containerRuntimeSearchRegistries: + description: 'containerRuntimeSearchRegistries are registries + that will be searched when pulling images that do not have fully + qualified domains in their pull specs. Registries will be searched + in the order provided in the list. Note: this search list only + works with the container runtime, i.e CRI-O. Will NOT work with + builds or imagestream imports.' + format: hostname + items: + type: string + minItems: 1 + type: array + x-kubernetes-list-type: set + insecureRegistries: + description: insecureRegistries are registries which do not have + a valid TLS certificates or only support HTTP connections. + items: + type: string + type: array + x-kubernetes-list-type: atomic + type: object + type: object + status: + description: status holds observed values from the cluster. They may not + be overridden. + properties: + externalRegistryHostnames: + description: externalRegistryHostnames provides the hostnames for + the default external image registry. The external hostname should + be set only when the image registry is exposed externally. The first + value is used in 'publicDockerImageRepository' field in ImageStreams. + The value must be in "hostname[:port]" format. + items: + type: string + type: array + x-kubernetes-list-type: atomic + imageStreamImportMode: + description: 'imageStreamImportMode controls the import mode behaviour + of imagestreams. It can be `Legacy` or `PreserveOriginal`. `Legacy` + indicates that the legacy behaviour should be used. For manifest + lists, the legacy behaviour will discard the manifest list and import + a single sub-manifest. 
In this case, the platform is chosen in the + following order of priority: 1. tag annotations; 2. control plane + arch/os; 3. linux/amd64; 4. the first manifest in the list. `PreserveOriginal` + indicates that the original manifest will be preserved. For manifest + lists, the manifest list and all its sub-manifests will be imported. + This value will be reconciled based on either the spec value or + if no spec value is specified, the image registry operator would + look at the ClusterVersion status to determine the payload type + and set the import mode accordingly, i.e single arch payload implies + the import mode is Legacy and multi payload implies PreserveOriginal.' + enum: + - "" + - Legacy + - PreserveOriginal + type: string + internalRegistryHostname: + description: internalRegistryHostname sets the hostname for the default + internal image registry. The value must be in "hostname[:port]" + format. This value is set by the image registry operator which controls + the internal registry hostname. + type: string + type: object + required: + - spec + type: object + served: true + storage: true + subresources: + status: {} diff --git a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml index ab63f36acf5..2af707bffd5 100644 --- a/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml +++ b/payload-manifests/featuregates/featureGate-Hypershift-Default.yaml @@ -61,6 +61,9 @@ { "name": "GatewayAPI" }, + { + "name": "ImageStreamImportMode" + }, { "name": "InsightsConfig" }, diff --git a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml index 65f35d160bb..1f193b8e683 100644 --- a/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-Hypershift-DevPreviewNoUpgrade.yaml 
@@ -140,6 +140,9 @@ { "name": "HardwareSpeed" }, + { + "name": "ImageStreamImportMode" + }, { "name": "IngressControllerLBSubnetsAWS" }, diff --git a/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml index b9dec2bb322..2536ebcb302 100644 --- a/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-Hypershift-TechPreviewNoUpgrade.yaml @@ -140,6 +140,9 @@ { "name": "HardwareSpeed" }, + { + "name": "ImageStreamImportMode" + }, { "name": "IngressControllerLBSubnetsAWS" }, diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml index 758578b71c9..0eaf54dabcf 100644 --- a/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml +++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-Default.yaml @@ -64,6 +64,9 @@ { "name": "GatewayAPI" }, + { + "name": "ImageStreamImportMode" + }, { "name": "InsightsConfig" }, diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml index d3d7a95f892..4a8216078c5 100644 --- a/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml +++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-DevPreviewNoUpgrade.yaml @@ -140,6 +140,9 @@ { "name": "HardwareSpeed" }, + { + "name": "ImageStreamImportMode" + }, { "name": "IngressControllerLBSubnetsAWS" }, diff --git a/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml b/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml index 50dae7bcd48..40d67fccb7e 100644 --- a/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml 
+++ b/payload-manifests/featuregates/featureGate-SelfManagedHA-TechPreviewNoUpgrade.yaml @@ -140,6 +140,9 @@ { "name": "HardwareSpeed" }, + { + "name": "ImageStreamImportMode" + }, { "name": "IngressControllerLBSubnetsAWS" },